--- Day changed Sun Jan 01 2012
00:11 -!- zeshooem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has joined #openvpn
00:11 -!- zeshooem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has quit [Remote host closed the connection]
00:12 -!- zeshoem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has quit [Ping timeout: 268 seconds]
00:32 -!- UnterPerro_ [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
00:32 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Read error: Connection reset by peer]
00:32 -!- UnterPerro_ is now known as UnterPerro
01:20 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has quit [Read error: Connection reset by peer]
01:22 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has joined #openvpn
01:24 <@vpnHelper> RSS Update - forum: I Need Auto-reconnect when it drops connection
01:54 -!- resha [70c64e7e@gateway/web/freenode/ip.112.198.78.126] has joined #openvpn
01:56 < resha> hello, our ISP is using their own dns servers and if I use other dns servers like 8.8.8.8, I can blocked. what is my workaround on this to be used with openvpn?
01:58 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Read error: Connection reset by peer]
01:58 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
01:59 < hyper_ch> resha: I don't understand the problem
02:01 < resha> hyper_ch: i am using mobile broadband. when I put 8.8.8.8 on the broadband device, I cant connect to internet. but if I use their dns server, it connects to internet. I suppose they use their dns server to block openvpn traffic.
02:02 < hyper_ch> I still don't understand what works, what doesn't and what you try to achieve
02:02 < hyper_ch> !goal
02:02 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:02 < hyper_ch> !welcome
02:02 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:04 < resha> hyper_ch: the problem is I cannot get through the internet with using isp dns server.
02:04 < hyper_ch> you don't need dns to access the internet
02:04 < hyper_ch> but I still have no clue what works when and what doesn't
02:05 < hyper_ch> you have problems with vpn or not
02:05 < hyper_ch> do you run your own vpn server
02:06 < resha> i run my own vpn server. and the client cant access the internet. it seems that the ISP is using their own dns server that blocks openvpn traffic. if I use other dns server, I cant access internet still.
02:07 < hyper_ch> I still have no clue what works and what not
02:07 < hyper_ch> and you can access internet even without dns
02:08 < hyper_ch> I give up
02:08 < resha> works means able to access internet
02:09 < resha> yes i can access internet if that is without vpn traffic
02:09 < resha> but if with vpn traffic, i cant access internet
02:14 -!- magicblaze007 [~magicblaz@c-68-63-40-199.hsd1.fl.comcast.net] has joined #openvpn
02:16 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can!
02:18 -!- resha [70c64e7e@gateway/web/freenode/ip.112.198.78.126] has quit [Quit: Page closed]
02:23 -!- magicblaze007 [~magicblaz@c-68-63-40-199.hsd1.fl.comcast.net] has quit [Quit: Leaving.]
02:44 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has left #openvpn ["Leaving"]
03:04 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
03:24 < Doktor_J> am i alive here?
03:24 < Doktor_J> yay
03:25 < Doktor_J> resha: a DNS server is technically incapable of "blocking openvpn traffic". a *router* (or gateway) may be able to do so, but a DNS server is not.
03:32 < Doktor_J> the DNS server may choose to ignore your request to resolve a hostname (such as if you're using a well-known dynamic DNS provider such as dyndns.org for the VPN server, and for whatever reason the ISP feels it necessary to block access to dynamic DNS hosts)
03:33 <@vpnHelper> RSS Update - forum: OpenVPN with Google authenticator like 2FA (windows client)
03:33 < Doktor_J> but if you can figure out another way to get your VPN server's actual IP address (such as having it figure it out via whatismyip.org, and then emailing it to yourself -- or the end user -- every 12 hours or so)
03:34 < Doktor_J> you could just configure the client to connect directly to the IP, and the DNS server would be completely removed from the equation
03:35 < Doktor_J> what is more likely though is that the ISP (perhaps a work or school connection?) is blocking VPN traffic, or at least the standard OpenVPN port, via an upstream gateway
03:35 < Doktor_J> first thing to try is moving the VPN server to a non-standard port... try 1294 for example.
03:36 < Doktor_J> if that doesn't work, you could try moving your VPN server to a port that is commonly used for other standard services, such as 443 (HTTPS)
03:37 < Doktor_J> often times such network filtering will allow carte-blanche access on well-known, well-used ports such as that
03:40 < Doktor_J> i would also suggest enabling tls-auth on the server (and client too of course), which might make the data look more like HTTPS-ish traffic, if the network filters are actually inspecting the data transfer
03:40 < Doktor_J> i'm not sure if doing so results in the handshake being encrypted though, because if it doesn't, then the filters might catch the openvpn handshake and abort the connection right there. worth a shot though :)
03:41 < Doktor_J> and someone here more knowledgeable than me might be able to confirm/deny what i've suggested
03:41 < Doktor_J> lol
03:41 < Doktor_J> webchat + vpnHelper = fail
03:42 < Doktor_J> the link gets the closing > appended to it in webchat, breaking the link
03:42 < Doktor_J> perhaps vpnHelper could be tweaked to put spaces between the link itself and its enclosing LT/GT brackets?
03:45 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
03:45 -!- mode/#openvpn [+o mattock] by ChanServ
03:47 < Doktor_J> hi mattock :)
03:47 <@mattock> hi
03:48 < Doktor_J> do you know who runs vpnHelper (the bot)?
03:48 < Doktor_J> had a tiny suggestion regarding it
03:49 < Doktor_J> its forum RSS update links get munged in the freenode webchat
03:49 < Doktor_J> if spaces could be put between the link and < / > brackets, that would probably fix it
03:51 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can!
03:53 < Doktor_J> from that, the link i get in webchat is http://forums.openvpn.net/topic9509.html#p19091%3E
03:53 <@vpnHelper> Title: OpenVPN Support Forum Can't find the solution to this anywere. Hope you can! : Off Topic, Related (at forums.openvpn.net)
03:53 < Doktor_J> (well that's an interesting feature of the bot)
03:53 < Doktor_J> (also amusing that it strips the extraneous character)
03:56 < Doktor_J> if it's an eggdrop with a tcl script performing the rss update functionality, i could assist with the fix :)
04:03 <@vpnHelper> RSS Update - forum: OpenVPN on CentOS 6 using webmin || Wrong routes set to the client
04:09 <@vpnHelper> RSS Update - forum: [Help] Problem To Connect to the Server
04:12 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 244 seconds]
04:20 -!- master_of_master [~master_of@p57B54453.dip.t-dialin.net] has quit [Ping timeout: 255 seconds]
04:22 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
04:22 -!- master_of_master [~master_of@p57B52E02.dip.t-dialin.net] has joined #openvpn
04:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 252 seconds]
04:41 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
04:58 -!- ObamaIsAGangsta [~newegggg@61.170.211.238] has joined #openvpn
05:00 < ObamaIsAGangsta> http://pastebin.com/6wkybGab
05:00 < ObamaIsAGangsta> i'm trying to make a new client key and crt but have error message
05:01 < ObamaIsAGangsta> i made the key dir myself... i'm not sure where to find index.txt
05:06 < Doktor_J> ObamaIsAGangsta: try "touch /etc/openvpn/easy-rsa/2.0/keys/index.txt"
05:06 < Doktor_J> just to create it as an empty file
05:06 < Doktor_J> see if that shuts it up
05:06 < Doktor_J> (ideally it'll figure out that no keys have been generated, and just start filling the index.txt... not entirely sure though)
05:09 < ObamaIsAGangsta> ok i'll give it a shot thx
05:11 < ObamaIsAGangsta> http://pastebin.com/VZHXBnAf
05:12 < ObamaIsAGangsta> now its a different error
05:12 < Doktor_J> touch /etc/openvpn/easy-rsa/2.0/keys/serial
05:12 < Doktor_J> if i'm not mistaken, both of those are basically used for tracking generated keys
05:13 < ObamaIsAGangsta> im not sure why i dont have them
05:13 < Doktor_J> and if you haven't generated any yet, they don't seem to exist
05:13 < ObamaIsAGangsta> im using a ca.key and server.key that i generated months ago on another server
05:13 < Doktor_J> ah that'd be why
05:13 < ObamaIsAGangsta> i just put all the files into a key dir
05:13 < Doktor_J> you haven't generated any on this server
05:13 < ObamaIsAGangsta> only thing i've run is . ./vars and ./build-key
05:13 < Doktor_J> *nod*
05:15 < ObamaIsAGangsta> http://pastebin.com/u54x1vyH
05:15 < ObamaIsAGangsta> however it has created a key crt and csr for the new client
05:15 < ObamaIsAGangsta> so maybe i can ignore it?
05:16 < Doktor_J> most likely, yes...
05:16 < Doktor_J> cat /etc/openvpn/easy-rsa/2.0/keys/serial
05:16 < Doktor_J> see if it put anything in there
05:16 < ObamaIsAGangsta> i didnt keep the vars file from the old server, so i just made the fields the same as per the old vars file
05:16 < ObamaIsAGangsta> hope that wont be an issue
05:17 < Doktor_J> i can't imagine that being a problem
05:17 < ObamaIsAGangsta> just empty file
05:17 < Doktor_J> hmmmm
05:18 < Doktor_J> i'm not entirely sure how to proceed at this point
05:18 < Doktor_J> i'd guess try to connect with the newly-generated client keys and see if it works :P
05:18 < ObamaIsAGangsta> i'll try connecting as the new client
05:19 < ObamaIsAGangsta> yep
05:20 < Doktor_J> probably safe to ignore the error then, at least in the short term
05:20 < Doktor_J> i might suggest sticking around though, to see if someone more knowledgeable might have something to contribute regarding it
05:21 < Doktor_J> right now it's the wee hours of the morning for most of the US, with most people probably sleeping off their new years' celebrations
05:21 < ObamaIsAGangsta> ha
05:21 < ObamaIsAGangsta> i got pretty wasted
05:22 < ObamaIsAGangsta> yea its not gonna work, if i double click on the crt it says invalid for use as public security file
05:22 < ObamaIsAGangsta> gonna have to make a new certificate authority :(
05:22 < ObamaIsAGangsta> which is unfortunate as i have a few friends and family using existing keys
05:23 < Doktor_J> why are you double-clicking on the crt?
05:24 < Doktor_J> if you're only using the certificates for VPN, then openvpn's opinion of them is the only thing that should matter ;)
05:24 < ObamaIsAGangsta> just wanted to see if it looks normal
05:24 < Doktor_J> ah
05:24 < ObamaIsAGangsta> the actual error message when trying to connect is:
05:25 < ObamaIsAGangsta> http://pastebin.com/9zQXsbqC
05:25 < Doktor_J> oh, so it does puke when trying to connect, then
05:25 < Doktor_J> try this:
05:25 < Doktor_J> echo 1 > /etc/openvpn/easy-rsa/2.0/keys/serial
05:25 < Doktor_J> then generate a new key
05:25 < ObamaIsAGangsta> k
05:25 < Doktor_J> not gonna make any promises
05:25 < Doktor_J> but maybe it'll get you somewhere :D
05:26 < Doktor_J> <- still sorta an openvpn newbie
05:26 < Doktor_J> been learning a HELL of a lot about it this week though... *head on verge of exploding*
05:27 < ObamaIsAGangsta> exactly same error
05:27 < ObamaIsAGangsta> well ur clearly not a linux noob
05:27 < Doktor_J> meh :/
05:28 < Doktor_J> lol... what i know about linux is largely due to my google-fu, and a few years of beating my head against it :D
05:28 < ObamaIsAGangsta> just dont know what im missing, i kept the ca.crt, server.crt, server.key and ca.key from old server
05:28 < Doktor_J> i started out learning openvpn for an implementation at work. finally got that implementation 99% done... once i take a bit of a break, i'm going to look at setting up a vpn server at home so my friends across the country can connect to my network, and we can have cross-country LAN parties :P
05:28 < ObamaIsAGangsta> should be sufficient to make new clients
05:29 < ObamaIsAGangsta> i'll stick around maybe someone will know of a proper way to generate index.txt
05:29 < Doktor_J> what about your dh.pem?
05:29 < ObamaIsAGangsta> also kept that
05:29 < Doktor_J> ah okay
05:29 < ObamaIsAGangsta> just didnt realise index is important
05:30 < Doktor_J> not sure... you might need the server.csr?
05:30 < ObamaIsAGangsta> ahh
05:30 < ObamaIsAGangsta> damn i dont have that
05:30 < Doktor_J> let me dig. i think that's just an intermediate file i happen to have laying around
05:30 < Doktor_J> may not be necessary
05:31 < ObamaIsAGangsta> ahhhhhh
05:31 < ObamaIsAGangsta> ok
05:31 < ObamaIsAGangsta> i ran . ./vars then ./clean-all
05:31 < ObamaIsAGangsta> running clean all has put index and serial in the key dir
05:32 < Doktor_J> ooh, progress?
05:32 < Doktor_J> try making a new cert
05:32 < ObamaIsAGangsta> yep
05:32 < Doktor_J> see, i learn by brute-force :D
05:32 < Doktor_J> bang my head on something
05:32 < Doktor_J> eventually my skull cracks and the knowledge leaks in >_<
05:33 < Doktor_J> not terribly efficient... but i learn a lot of interesting things that i might've otherwise missed
05:34 < ObamaIsAGangsta> well
05:34 < ObamaIsAGangsta> it didnt give me any error messages during creation
05:35 < ObamaIsAGangsta> i opened index.txt it is actually just an empty file, and serial simply has '01' written in it
05:35 < Doktor_J> that's a start
05:35 < Doktor_J> hmmm
05:36 < ObamaIsAGangsta> and im connected as the client
05:36 < ObamaIsAGangsta> :)
05:36 < Doktor_J> sweet
05:36 < ObamaIsAGangsta> clean-all script is a bit misleading, i thought it just does like a rm on the dir
05:38 < Doktor_J> lol
05:49 < ObamaIsAGangsta> what time is it in usa?
05:49 < ObamaIsAGangsta> here 8pm
05:49 < Doktor_J> 6:49 for me
05:49 < Doktor_J> i'm east coast
05:50 < ObamaIsAGangsta> ah
05:50 < ObamaIsAGangsta> shanghai for me
05:50 < ObamaIsAGangsta> even openvpn website is blocked if i dont use vpn ;)
05:50 < Doktor_J> i think it's 1:49 in hawaii, then 3:49-6:49 across the continental US
05:50 < Doktor_J> lol
05:50 < Doktor_J> naturally, because they don't want you to research that sort of thing :P
05:50 < ObamaIsAGangsta> yea
05:53 < ObamaIsAGangsta> most of the things they block like youtube facebook etc is just because they don't want competition
05:53 < ObamaIsAGangsta> got their own versions of said services
05:55 < Doktor_J> well vpn is an insta-negation of every other block they have in place
05:55 < ObamaIsAGangsta> yea, even google doesnt work
05:55 < Doktor_J> so they're going to block the hell out of anything having to do with vpn :)
05:56 < Doktor_J> of course, because there's google.cn (last time i checked anyways)
05:56 < ObamaIsAGangsta> but usa is also cracking down on internet freedom, so i am sure a lot more people are gonna use openvpn
05:56 < ObamaIsAGangsta> and exit their internet somewhere free
05:56 < Doktor_J> well they're trying to
05:56 < Doktor_J> there's a hell of a lot of people fighting it
05:57 < Doktor_J> one of the bills has already been canned
05:57 < ObamaIsAGangsta> good
05:57 < ObamaIsAGangsta> as my name suggests im not really a big fan of obama
05:57 < ObamaIsAGangsta> hope for ron paul ha
05:57 < Doktor_J> well it's not obama putting these through though
05:57 < Doktor_J> i think he actually promised to veto one of them if it came to him
05:58 < ObamaIsAGangsta> oh
05:58 < Doktor_J> (but i'm not a big fan of a lot of his policies, otherwise)
05:58 < Doktor_J> yeah, i'd be okay with ron paul i think
05:58 < ObamaIsAGangsta> then vote, im sure a caucus or primary is coming to a state near you soon
05:59 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn
05:59 < ObamaIsAGangsta> anyway yea, better stop talk politics before some1 complains about spamming with offtopic
05:59 < Doktor_J> i intend to... i don't always vote, but whenever state or national leadership is up on the ballot, or there's an issue i'm particularly interested in, i make damn sure i'm at the polls :)
06:00 < ObamaIsAGangsta> if things keep going the way they are, i wouldnt be surprised if vpns are banned for personal use
06:00 < ObamaIsAGangsta> obviously companies couldnt function without but
06:01 < ObamaIsAGangsta> in france and iran they are basically illegal already
06:01 < ObamaIsAGangsta> probably a few other places
06:05 < ObamaIsAGangsta> anyway thx for the help
06:05 < ObamaIsAGangsta> i once helped some1 set it up on centos server for like 2 hours
06:05 < ObamaIsAGangsta> totally spoon feeding, then he left without saying thanks
06:06 < ObamaIsAGangsta> after that i seldom bother
06:07 < Doktor_J> understood
06:07 < Doktor_J> you're welcome :)
06:09 < Doktor_J> krzee and hyper_ch helped me out
06:09 < Doktor_J> so i figure i can pay it forward a little :)
06:11 < ObamaIsAGangsta> krzee knows all
06:12 < Doktor_J> it would seem so
06:12 < hyper_ch> I didn't do it - whatever I'm accused of
06:13 < Doktor_J> lol
06:13 < hyper_ch> and why setup a centos server? it's even more outdated than debian stable
06:13 < Doktor_J> not often that someone denies a positive deed
06:13 < hyper_ch> as for the certs:
06:13 < hyper_ch> !pki
06:13 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was
06:13 <@vpnHelper> signed specially as a server (see !servercert)
06:13 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds]
06:13 < hyper_ch> there's a nice table showing what files need to go where
06:14 < Doktor_J> yes, that table was very helpful for me :)
06:14 < ObamaIsAGangsta> why centos? its stable...
06:14 < ObamaIsAGangsta> i used rpmforge to install openvpn so i dont have quite the latest version
06:14 < ObamaIsAGangsta> 2.2 i think i have
06:14 < hyper_ch> apt apt apt apt :)
06:14 < Doktor_J> i'm using centos because it's what my company uses
06:14 < ObamaIsAGangsta> when 2.3 comes out i'll update because that will have full ipv6 support as i know, so we'll be able to use ip6 as the carrier
06:15 < Doktor_J> and they don't want to have to deal with having different distros on different servers
06:15 < hyper_ch> there's only four things I compile on debian: (1) znc (2) openvpn (3) freeswitch (4) rtorrent
06:15 < ObamaIsAGangsta> compiling it myself is a bit out of my league
06:15 < Doktor_J> i'm somewhat agnostic, personally. my own VPS runs freebsd
06:15 < ObamaIsAGangsta> im more a yum install openvpn kind of person
06:16 < hyper_ch> and on desktops/Notebooks I live Kubuntu
06:16 < Doktor_J> previously my shell account ran some debian-ish variant of linux
06:16 < hyper_ch> but I'm eyeing more and more at NixOS
06:16 < ObamaIsAGangsta> imo windows 7 ultimate is great
06:16 < ObamaIsAGangsta> just very... useable
06:16 < Doktor_J> (i don't remember exactly what, but i knew it used apt)
06:17 < hyper_ch> Kubuntu is very useable, safe, fast, free and libre :)
06:17 < Doktor_J> i like win7 because i'm a serious PC gamer
06:17 < hyper_ch> you don't need win7 for freeciv :)
06:17 < Doktor_J> if i didn't spend so much time playing games or futzing around in photoshop i'd probably set up a dual-boot
06:17 < ObamaIsAGangsta> im pretty avid starcraft 2 player
06:18 < Doktor_J> <- mostly FPSes... TF2, L4D2, borderlands, etc
06:18 < Doktor_J> win7 is everything vista wanted to be but failed miserably at
06:18 < hyper_ch> photoshop.. .I see... for my needs Gimp is good enough :)
06:19 < Doktor_J> gimp drives me nuts
06:19 < ObamaIsAGangsta> yep its pretty much perfect, however they are butchering windows 8 its gonna be the new vista
06:19 < ObamaIsAGangsta> i ran the dev preview sooooo bad
06:19 < hyper_ch> Doktor_J: since gimp has single-window option now, it's become usable
06:19 < Doktor_J> i learned on photoshop way back in the day in high school working on the school newspaper (photoshop 3.0 baby), and just continued learning from there
06:19 < ObamaIsAGangsta> basically dumbing it down so that a pc will become like an ipad
06:20 < hyper_ch> well, photoshop is clearly superior to gimp
06:20 < Doktor_J> figuring out how to do all the stuff in gimp that i know how to do in photoshop just takes more time than i'm willing to commit to it
06:20 < ObamaIsAGangsta> back then i was using micrographix
06:20 < hyper_ch> but for the 95% of photoshop users gimp would also do
06:20 < Doktor_J> it probably would do for me too
06:20 < Doktor_J> but that learning curve is a bitch
06:20 < hyper_ch> some things are just done differently
06:21 < ObamaIsAGangsta> whats the point of the ipp.txt file, none of my clients ever get dished out the ip listed in it
06:21 < hyper_ch> same goes with office
06:21 < Doktor_J> and necessity drove me to overcome photoshop; there's no necessity for me to learn gimp
06:21 < hyper_ch> I didn't use 95% of the functionality provided with Office 2003
06:21 < Doktor_J> ObamaIsAGangsta: you need the persist-ip directive (or something like that)
06:21 < hyper_ch> yet coherent styling across 100-150 pages was a nightmare in it
06:21 < hyper_ch> OOo did a much better job at that and so I stick to OOo or rather LO now
06:21 < Doktor_J> LO?
06:22 < hyper_ch> not to mention the save-to-pdf function OOo has had for years
06:22 < hyper_ch> LibreOffice
06:22 < Doktor_J> gotta love that. pay for acrobat? nuts to that.
06:22 < hyper_ch> I think office 2010 now also exports to pdf, right?
06:22 < Doktor_J> i believe so
06:23 < Doktor_J> (it's on my work computer, and does so -- not sure if it's native functionality, but it looks like it)
06:23 < hyper_ch> :)
06:23 < ObamaIsAGangsta> ifconfig-pool-persist ipp.txt i guess this goes in server.conf not the client confs
06:23 < Doktor_J> OOo's learning curve was shallow enough that i could adapt to it
06:23 < Doktor_J> ObamaIsAGangsta: correct
06:23 < hyper_ch> Doktor_J: I think it's native now
06:23 < hyper_ch> before you had to install some free pdf-printer software
06:23 < Doktor_J> yeah
06:23 < hyper_ch> like pdf995
06:23 < Doktor_J> pdfwriter
06:24 < Doktor_J> gimp would win a lot more users if a dev could devote some time to making some sort of option/skin/wtfever that made it feel more like photoshop
06:24 < hyper_ch> Doktor_J: well, the single-window-mode is already a big step towards it
06:24 < Doktor_J> *nod*
06:24 < hyper_ch> I hated those flying tool-palettes
06:24 < Doktor_J> i don't think i've seen that yet
06:24 < Doktor_J> might have to check it out
06:25 < Doktor_J> but i also use a lot of layer, filtering and adjustment functionality in photoshop, and figuring out how to do so in gimp has proven a PITA when i've tried
06:25 < hyper_ch> http://files.chromecode.com/temp/gimp-single-window-mode-in-progress.png
06:26 < hyper_ch> before, all those option windows/palettes were flying around
06:26 < hyper_ch> that was so annoying
06:27 < Doktor_J> !goal
06:27 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
06:27 < hyper_ch> and I agree, the layer style options in PS are great... gimp should implement that also
06:27 < Doktor_J> *nod*
06:27 < hyper_ch> outline, transparency, emboss etc.
06:28 < Doktor_J> (never did !goal when i first came in here, and was curious)
06:28 < ObamaIsAGangsta> someone messed up the layering on obamas birth certificate
06:28 < Doktor_J> >_<
06:28 < hyper_ch> oh, you heard obama signed that prisoner act thingy?
06:28 < Doktor_J> no... not sure which act you're referring to
06:29 < ObamaIsAGangsta> NPAA
06:29 < hyper_ch> http://thinkprogress.org/security/2011/12/31/396018/breaking-obama-signs-defense-authorization-bill/
06:29 <@vpnHelper> Title: BREAKING: Obama Signs Defense Authorization Bill | ThinkProgress (at thinkprogress.org)
06:29 < Doktor_J> i think i might have a vague idea, but i've been up like 20-ish hours, and my brain's not entirely functional
06:29 < ObamaIsAGangsta> now he can send americans arrest in the usa to gitmo
06:30 < hyper_ch> ObamaIsAGangsta: https://www.nytimes.com/2011/12/13/opinion/guantanamo-forever.html?_r=1 -- written by two retired 4-star generals
06:30 <@vpnHelper> Title: Log In - The New York Times (at www.nytimes.com)
06:31 < hyper_ch> you need to login to read that?
06:31 < ObamaIsAGangsta> checking
06:32 < ObamaIsAGangsta> appears so
06:32 < hyper_ch> hmmm, I guess some of my FF addons prevent that paywall from appearing :)
06:32 < ObamaIsAGangsta> im listening to alex jones now, im sure i'll hear about it from him
06:32 < hyper_ch> I'll make a pdf out of it
06:32 < ObamaIsAGangsta> cool
06:33 < hyper_ch> I think it's because I disabled some of the JS
06:34 < ObamaIsAGangsta> surely their website isnt that rudimentary
06:34 < hyper_ch> yes, it is
06:35 < hyper_ch> http://www.sjau.ch/4-star-generals.pdf
06:35 < ObamaIsAGangsta> fast upload :)
06:35 < hyper_ch> blocked are: revsci.net, nyt.com and krxd.net
06:36 < hyper_ch> does this still work: http://gizmodo.com/5815360/this-is-how-to-bypass-the-new-york-times-paywall
06:36 -!- frojnd [~frojnd@86.58.21.55] has quit [Read error: Connection reset by peer]
06:36 <@vpnHelper> Title: How to Bypass the New York Times Paywall In Three Seconds, Zero Hacking Required (at gizmodo.com)
06:37 < ObamaIsAGangsta> who is blocking
06:37 < ObamaIsAGangsta> no it doesnt
06:37 -!- frojnd [~frojnd@86.58.21.55] has joined #openvpn
06:39 < hyper_ch> well, either it's a browser addon or it's my location
06:39 < hyper_ch> let me try chromium with no addons
06:40 < hyper_ch> works in chromium with no addons... so I guess that it's my location then
06:40 < hyper_ch> anyway, you got the pdf :)
06:43 < ObamaIsAGangsta> depressing stuff
06:43 < ObamaIsAGangsta> step by step they're taking away freedoms
06:44 < hyper_ch> yeah
06:44 < hyper_ch> because it's bit by bit, most people don't notice
06:44 < ObamaIsAGangsta> u listen to alex jones show?
06:44 < hyper_ch> don't even know who that is
06:45 < ObamaIsAGangsta> so anyway, you recommend debian for server?
06:46 < ObamaIsAGangsta> when 2.3 comes out i can probably change
06:46 < hyper_ch> I like debian stable on servers
06:46 < hyper_ch> it's really stable
06:46 < hyper_ch> so a few things you should compile yourself
06:46 < hyper_ch> but compiling openvpn on debian is simple
06:47 < ObamaIsAGangsta> it has dependencies
06:47 < hyper_ch> add the source
06:47 < hyper_ch> then apt-get build-dep openvpn
06:47 < hyper_ch> that should pull the necessary dependencies
06:47 < ObamaIsAGangsta> hmm apt-get is like yum?
06:47 < hyper_ch> well, I mean debian source package
06:47 < hyper_ch> there's apt-get and aptitude
06:48 < hyper_ch> aptitude would be recommended, but I'm so used to apt-get
06:48 < ObamaIsAGangsta> ok so one can download the openvpn source meant for debian
06:48 < ObamaIsAGangsta> type one line and done?
06:48 < hyper_ch> well, debian has binary repositories and source repositories
06:48 < hyper_ch> the source repositories contain the sources including the debian compile options
06:48 < hyper_ch> because of that, you can easily fetch all dependencies
06:49 < ObamaIsAGangsta> ah ok
06:49 < ObamaIsAGangsta> cool
06:49 < hyper_ch> except if the dependencies have changed from the debian version to the new version of the program
06:49 < hyper_ch> so you can normally run apt-get build-dep openvpn
06:49 < hyper_ch> and it will pull the required dependencies
06:49 < hyper_ch> then fetch the source from openvpn
06:49 < ObamaIsAGangsta> im just looking forward to using ipv6 as the transport
06:49 < hyper_ch> and start compiling
06:50 < ObamaIsAGangsta> so def gonna compile 2.3
06:50 < hyper_ch> I didn't run into problems compiling it on debian
06:51 < Doktor_J> biggest thing i don't like about ipv6 is that i'm going to have a hell of a time memorizing IPs :P
06:52 < hyper_ch> that's what a hosts file is for :)
06:52 < hyper_ch> just alias them with some hostname
06:52 < hyper_ch> homecomputer
06:52 < hyper_ch> homelaptop
06:52 < hyper_ch> homeserver
06:52 < hyper_ch> that should still work with the hosts file on ipv6, right?
06:53 < ObamaIsAGangsta> well, world is almost run out of ipv4 addresses so
06:53 < ObamaIsAGangsta> no choice but to move on
06:53 < hyper_ch> ah....
06:53 < hyper_ch> not really
06:54 < ObamaIsAGangsta> in another couple of years then
06:54 < hyper_ch> there will be a war before
06:54 < hyper_ch> and a lot less people
06:54 < hyper_ch> and we'll have plenty of ip addresses again :)
06:54 < ObamaIsAGangsta> i doubt that'd be the reason for war
06:54 < hyper_ch> I didn't say it's the reason of war
06:54 < hyper_ch> I just say there will be a war
06:55 < ObamaIsAGangsta> not if ron paul is president
06:55 < hyper_ch> china is building up massively
06:56 < ObamaIsAGangsta> i live in china, its really harmless
06:56 < ObamaIsAGangsta> i very much doubt it'd ever go to war
06:56 < ObamaIsAGangsta> something will kick off with syria/iran though
06:57 < ObamaIsAGangsta> but when hasn't the middle east had a war
06:57 < Doktor_J> i see china as preferring to fight an economic war rather than a military war
07:01 < ObamaIsAGangsta> its gonna get messy for most currencies, if i have spare money im buying silver
07:02 < hyper_ch> ObamaIsAGangsta: IIRC in '07 a chinese sub surfaced just about 5 miles away from a US aircraft carrier
07:02 < hyper_ch> also chinese have now an own aircraft carrier
07:02 < hyper_ch> they also have missiles to sink aircraft carriers
07:02 < hyper_ch> and since a few days their own GPS
07:02 < ObamaIsAGangsta> and nukes
07:02 < ObamaIsAGangsta> hundreds of nukes
07:02 < hyper_ch> china's gaining influence
07:03 < ObamaIsAGangsta> i know
07:03 < hyper_ch> and the US is weakening
07:03 < ObamaIsAGangsta> thats why i came here and learnt chinese
07:03 < hyper_ch> russia has also been strengthened
07:03 < hyper_ch> I just wish there were a couple more strong players
07:03 < hyper_ch> none superstrong
07:03 < ObamaIsAGangsta> also the girls here are pretty hot
07:03 < hyper_ch> but more than just a handful
07:04 < ObamaIsAGangsta> because of nukes i can't see an actual war like ww2
07:05 < ObamaIsAGangsta> of course there'll always be small wars like libya
07:05 < hyper_ch> whereabouts in china are you? shanghai?
07:06 < hyper_ch> hongkong?
07:06 < ObamaIsAGangsta> shanghai
07:06 < hyper_ch> I have a friend there :)
07:06 < hyper_ch> and another one in hong kong... she's very cute
07:07 < hyper_ch> http://images.sjau.ch/img/294e54a8.jpg
07:07 < hyper_ch> http://images.sjau.ch/img/cdff2519.jpg
07:07 < ObamaIsAGangsta> i do have a liking for asian girls
07:08 < hyper_ch> there are really good looking asian girls
07:08 < hyper_ch> but also very bad looking ones
07:08 < hyper_ch> like everywhere else :)
07:09 < hyper_ch> I should fly with singapore airlines again... the flight attendants last time were like models :)
07:09 < ObamaIsAGangsta> my gf is a flight attendant
07:09 < hyper_ch> :)
07:09 < ObamaIsAGangsta> tried out for singapore
07:10 < hyper_ch> also heard good things about cathay pacific but never flew with them
07:10 < ObamaIsAGangsta> thats the one she works for
07:10 < ObamaIsAGangsta> based out of hong kong
07:10 < Doktor_J> lol hyper_ch, that first girl you linked to looks like a younger version of my ex
07:11 < ObamaIsAGangsta> what is it with geeks and asians
07:11 * Doktor_J shrugs
07:11 < Doktor_J> i'm equal-opportunity
07:11 < Doktor_J> well not exactly
07:11 < Doktor_J> i have a preference for (asians XOR redheads)
07:13 < ObamaIsAGangsta> lol xor
07:13 < ObamaIsAGangsta> sometimes i say 'lol' in when speaking
07:13 < ObamaIsAGangsta> instead of laughing
07:13 < Doktor_J> i do too, though it's usually preceded at least with a snicker
07:14 * APTX double checks the channel name
07:14 < hyper_ch> Doktor_J: :)
07:14 < hyper_ch> isn't it stressful as flight attendant with all those time shifts?
07:14 * ObamaIsAGangsta double checks that APTX has no power
07:15 < ObamaIsAGangsta> she just flies between shanghai and hong kong
07:15 < ObamaIsAGangsta> 2 hour flight
07:15 < ObamaIsAGangsta> so no time shift
07:16 < Doktor_J> APTX: if people want to discuss openvpn in here, i have no problem aborting off-topic conversation threads... but that notwithstanding, it's otherwise pretty dead in here :D
07:16 < APTX> I don't really have anything against it
07:17 < Doktor_J> *nod*
07:17 < APTX> it's just that usually these kinds of talks are in different channels
07:17 < ObamaIsAGangsta> well no1's come in asking for help
07:20 < Cubox> Hi
07:20 < Cubox> I have a little problem
07:22 < Cubox> All is working, and, when my internet connection is down, i can't access internet. But, when internet is up, i have to restart the daemon openvpn to have internet.
07:22 < Cubox> How to solve this without use a tcp tunnel ?
07:25 < ObamaIsAGangsta> your question confuses me
07:25 < Cubox> oh
07:26 < Cubox> I'm french, and it's not easy to explain
07:28 < Doktor_J> let me see if i understand
07:28 < Doktor_J> you have openvpn and your general internet connection working
07:29 < Doktor_J> but if the internet connection goes down (and the VPN connection goes down with it)...
07:29 < Doktor_J> when the internet connection comes back up, you have to restart openvpn before your internet connection works?
07:29 < Cubox> when the global connection is up, openvpn tunnel is down
07:29 < Cubox> yes
07:29 < Cubox> I will go to eat, my config is
07:29 < Cubox> http://pastebin.com/rD445Zf5
07:30 < Cubox> (will be bask in 15 minutes)
07:30 < Cubox> back *
07:31 < Doktor_J> hmmmm reading is proving difficult with a cat on my chest -_-
07:33 < Doktor_J> (laying on my back, laptop propped against my legs... and now there is a cat on my chest, between my face and the laptop)
07:34 < hyper_ch> so, first batch of pants and shirts washed and ironed :)
07:36 < hyper_ch> APTX: any issue?
07:36 < APTX> ?
07:36 < hyper_ch> [14:14] * APTX double checks the channel name
07:36 < hyper_ch> you have an issue with openvpn?
07:37 < APTX> read on :)
07:37 < hyper_ch> APTX: I can't read :)
07:37 < APTX> no, I don't have any issue
07:38 < hyper_ch> awwwww :(
07:40 <@EugeneKay> hyper_ch - pants are a sin and you shall face the wrath of our Pastafarian overlord for wearing them
07:40 < hyper_ch> EugeneKay: well, the courts insist on me wearing pants
07:41 < hyper_ch> EugeneKay: do you have any recommendation for some pc speakers?
07:42 <@EugeneKay> I use a set of Logitech Z506
07:43 <@EugeneKay> They're adequate, but only barely.
07:43 < hyper_ch> I have some tiny logitech ones
07:44 < Doktor_J> i like my little bose companion 2 series 2 speakers
07:45 < Doktor_J> (i have neither the space nor the environment for having a subwoofer, so i just need a good set of 2.0 speakers)
07:45 < hyper_ch> they don't have mine anymore
07:46 <@EugeneKay> 5.1 or GTFO
07:47 < hyper_ch> http://www.amazon.co.uk/Logitech-OEM-S200-Black-Silver/dp/B0009KO43A
07:47 < hyper_ch> those are the ones I have
07:47 < Doktor_J> back when i had my own room, yes, i had 5.1
07:48 < Doktor_J> but if you were to see my current computer area, you'd be at a loss as to where those other three speakers (and especially the subwoofer) would go
07:50 <@vpnHelper> RSS Update - forum: OpenVPN routing fails, but only sometimes. (windows client)
07:51 < hyper_ch> "OpenVPN routing fails, but only sometimes. (windows client)" -> I'd blame Windows
07:56 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can!
08:16 < Cubox> Doktor_J: re
09:02 < ObamaIsAGangsta> 24 hours until iowa
09:23 -!- Gravitron [~admin@cpe-65-28-68-253.kc.res.rr.com] has joined #openvpn
09:23 -!- Gravitron [~admin@cpe-65-28-68-253.kc.res.rr.com] has quit [Changing host]
09:23 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
09:34 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection]
10:57 <@EugeneKay> Waffles?
10:58 < ecrist> happy new year.
11:01 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
11:01 -!- mode/#openvpn [+o mattock] by ChanServ
11:08 -!- vect0rx [vectorx@countercultured.net] has joined #openvpn
11:10 -!- aegidos_ [~admin@p54B5D570.dip.t-dialin.net] has joined #openvpn
11:10 -!- aegidos [~admin@p54B5D570.dip.t-dialin.net] has joined #openvpn
11:18 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 240 seconds]
11:19 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn
11:21 <@EugeneKay> Waffles. :-D
11:26 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds]
11:26 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds]
11:27 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
11:27 -!- aegidos [~admin@p54B5D570.dip.t-dialin.net] has quit [Quit: aegidos]
11:27 -!- aegidos_ [~admin@p54B5D570.dip.t-dialin.net] has quit [Quit: aegidos_]
11:28 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 255 seconds]
11:34 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn
11:36 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Max SendQ exceeded]
11:40 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn
11:54 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn
11:58 -!- aegidos_ [~admin@p54B5D570.dip.t-dialin.net] has joined #openvpn
11:58 -!- aegidos [~admin@p54B5D570.dip.t-dialin.net] has joined #openvpn
11:59 < aegidos> happy nu year 0x7DC :-D
12:00 -!- aegidos_ [~admin@p54B5D570.dip.t-dialin.net] has left #openvpn []
12:04 -!- spacedust [~info@unaffiliated/cosmicblue] has left #openvpn []
12:46 < aegidos> hm
12:51 -!- Netsplit *.net <-> *.split quits: ScriptFanix, vect0rx
12:52 -!- Netsplit over, joins: vect0rx, ScriptFanix
13:30 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds]
13:56 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn
14:04 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
14:25 <@vpnHelper> RSS Update - forum: Wrong routes set to the client
14:39 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds]
14:39 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
14:41 -!- Ionic [ionic@ionic.de] has quit [Excess Flood]
14:45 -!- Guest40372 [ionic@ionic.de] has joined #openvpn
14:48 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has joined #openvpn
14:48 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has quit [Changing host]
14:48 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
15:01 <@vpnHelper> RSS Update - forum: openvpn connects with no traffic on win 7 64bit
15:33 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 268 seconds]
15:43 -!- Doktor_J [41605745@gateway/web/freenode/ip.65.96.87.69] has quit [Ping timeout: 258 seconds]
15:49 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
15:51 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!]
15:52 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
16:19 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client
16:22 -!- Guest40372 [ionic@ionic.de] has left #openvpn []
17:09 -!- zeshoem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has joined #openvpn
17:18 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
17:30 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
17:30 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
17:30 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
17:30 -!- mode/#openvpn [+v Axeman] by ChanServ
17:34 < zeshoem> Hi I can ping from openvpn client 10.8.1.6 to openvpn server 10.8.1.1 but not the other way around
17:34 < zeshoem> What do I need to check?
17:39 < krzee> firewall on client
17:39 < krzee> thats not an idea, it is the problem =]
17:39 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn
17:40 -!- Denial [Denial@drgi.co.uk] has quit []
17:40 < zeshoem> but I can ping from the local side, 192.168.2.11
17:40 < zeshoem> client is running centos, no firewall and se linux disabled
17:47 < zeshoem> Here is the network diagram at this point http://t.co/9fTIrJSQ
17:47 <@vpnHelper> Title: Twitter / Mansoor Nathani: Issues getting R2 to reach ... (at t.co)
17:48 < krzee> iptables -I INPUT -i tun+ -j ACCEPT
17:49 < zeshoem> on the client?
17:49 < krzee> yes
17:49 < krzee> [15:39] firewall on client
17:49 < krzee> [15:39] thats not an idea, it is the problem =]
17:49 < krzee> holey shit that diagram sucks
17:50 < zeshoem> I should pull out visio next time
17:50 < krzee> or gliffy would work
17:50 < krzee> gliffy.com, thats how i made the diagram in this:
17:50 < krzee> !route
17:50 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
17:54 < zeshoem> still unable to ping from server to client. The tunnel is working fine though
17:54 < krzee> well its still *something* on the client blocking the ping
17:55 <+TJNII> Which client? The VPN client? Or something behind those routers you drew?
17:55 < krzee> [15:34] Hi I can ping from openvpn client 10.8.1.6 to openvpn server 10.8.1.1 but not the other way around
17:55 < krzee> TJNII, ^
17:55 < zeshoem> its an openvpn install on centos no fancy client
17:56 < krzee> to quote the topic...
17:56 < krzee> Your problem is your firewall, really.
17:57 < zeshoem> I dont really mind that it cant ping'
17:57 < krzee> then it sounds like you are fine
17:57 < zeshoem> I am more concerned that the router cant get out to the internet
17:57 < krzee> the router is behind the client?
17:57 < zeshoem> I am working on a new gliffy document
17:57 < zeshoem> yes
17:57 < krzee> and you read this:
17:57 < krzee> !route
17:57 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
17:59 < zeshoem> When I try to ping 8.8.8.8 from R2, I get Sun Jan 1 18:59:21 2012 us=373545 vpn2/70.52.169.123:46475 MULTI: Learn: 192.168.4.4 -> vpn2/70.52.169.123:46475 in the openvpnlog
18:00 < krzee> !configs
18:00 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
18:04 <+TJNII> Either the client needs to SNAT or the server has to have routes for the 192. networks.
18:05 <+TJNII> Problem is likely that the packet gets to the target and that machine doesn't know how to send it back.
18:05 <+TJNII> But again, configs would be nice. :)
18:05 <+TJNII> Including routing tables.
18:18 < zeshoem> is netstat -r sufficient for routing table?
18:18 <+TJNII> yes
18:19 < zeshoem> http://pastebin.com/H5eQSuYs
18:19 < zeshoem> PC (192.168.2.25) > Open VPN Client (192.168.2.11) > Open VPN Server (NAT) > Internet works just fine
18:20 <+TJNII> Yep, I'll bet it does
18:21 <+TJNII> No NATS, except out to the internet, I assume?
18:21 < zeshoem> thats right
18:21 < zeshoem> I just notice /etc/openvpn/openvpn.conf missing the 192.168.4.0 line
18:21 <+TJNII> The server doesn't know what to do with packets from the 192.168.4.0/24 net
18:21 <+TJNII> No route for it
18:21 < zeshoem> 192.168.4.0 10.8.1.2 255.255.255.0 UG 0 0 0 tun0
18:22 <+TJNII> It's likely trying to send them out venet0....
18:22 < zeshoem> not where is a line
18:22 < zeshoem> *now
18:22 <+TJNII> Does it work now?
18:22 < zeshoem> checking
18:24 < zeshoem> It does
18:24 < zeshoem> Thank you very much
18:24 <+TJNII> np
18:24 < zeshoem> thank you krzee as well!
18:26 < krzee> yw
18:31 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
19:06 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds]
19:11 -!- _julian [~quassel@hmbg-4d06eeab.pool.mediaWays.net] has joined #openvpn
19:11 -!- _julian_ [~quassel@hmbg-4d06f94a.pool.mediaWays.net] has quit [Read error: Operation timed out]
19:11 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
19:11 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
19:19 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
19:28 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn
19:28 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host]
19:28 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn
19:30 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
19:30 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
19:30 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
19:30 -!- mode/#openvpn [+v Axeman] by ChanServ
19:55 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!]
21:27 < ObamaIsAGangsta> if you dont keep a copy of a clients crt file, you can never revoke them?
21:28 < ObamaIsAGangsta> seems so
21:28 < krzee> csr, but ya
21:29 < ObamaIsAGangsta> so there's no way to stop them connecting
21:30 < ObamaIsAGangsta> its complaining about not having the .crt
21:30 < ObamaIsAGangsta> doesnt mention csr
21:31 < krzee> --disable still works
21:31 < krzee> in a ccd entry
21:31 < krzee> but its not as good as using the crl, if you could
21:32 < ObamaIsAGangsta> k thanks
21:32 < ObamaIsAGangsta> i wanted to be able to re-use the common name
21:33 < krzee> no
21:33 < krzee> dont re-use a common-name
21:36 <@vpnHelper> RSS Update - forum: New Site-to-Site Tunnel With Partial Connectivity
21:38 < ObamaIsAGangsta> ok
21:38 < ObamaIsAGangsta> if i do ./build-key user10 is it ok to have the common name for that user the same? i.e user10
21:42 < krzee> huh?
21:42 < krzee> 1 sec lemme look at easy-rsa
21:42 < krzee> !pki
21:42 < ecrist> OMG - Obama Must Go
21:42 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed
21:43 < ecrist> lol
21:43 <@vpnHelper> specially as a server (see !servercert)
21:43 < ObamaIsAGangsta> im asking if the common name needs to be unique
21:43 < ecrist> krzee: Happy New Year, bro.
21:43 < krzee> ecrist, seriously, i almost banned based on that, but didnt wanna feed the troll-nick
21:43 < ObamaIsAGangsta> or can it be the same as the name of the cert and key files
21:43 < krzee> happy newyear brutha!
21:43 < krzee> the name of the cert doesnt matter
21:43 < krzee> only the CN does
21:44 < ObamaIsAGangsta> ok i'll just make them the same then
21:44 < ObamaIsAGangsta> less confusing
21:44 < ObamaIsAGangsta> i'll keep a copy of peoples crt and csr incase need revoke later
21:44 < krzee> ObamaIsAGangsta, if you were following the page from !pki you'd see the official openvpn howto used the same for CN and file
21:44 < krzee> youd also see where it says to always use a unique CN
21:45 < krzee> or you can be lazy like me and use ssl-admin
21:45 < krzee> !ssl-admin
21:45 <@vpnHelper> "ssl-admin" is (#1) if you use freebsd, it is in ports or (#2) svn co https://www.secure-computing.net/svn/trunk/ssl-admin to grab it from svn or (#3) A perl script for managing SSL certificates (being a CA). Makes a good replacement for easy-rsa
21:46 < ObamaIsAGangsta> easy-rsa isn't that great, it doesnt even set correct permissions for key files
21:46 <+TJNII> umask ftw
21:47 < krzee> ya, thats your job as a unix admin
21:47 <+TJNII> Well, iirc easy-rsa is nothing but a bunch of shell scripts, so I'm sure we'll all welcome ObamaIsAGangsta's patches to add proper chmods. :)
21:47 < krzee> although i do agree somewhat with the sentiment, personally i choose to use ssl-admin
21:48 < krzee> and one day ill get around to adding cert generation to my bash config file generator
21:48 < krzee> !confgen
21:48 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/
21:48 < krzee> and TJNII, you do remember correctly =]
21:48 <+TJNII> krzee: You have too much fin with that bot.
21:48 <+TJNII> s/fin/fun/
21:48 < krzee> TJNII, i love that bot man
21:48 < krzee> !factoids
21:48 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
21:49 < krzee> !whoami
21:49 <@vpnHelper> support
21:49 < krzee> damn right vpnHelper
21:49 < krzee> !tell TJNII hey there big boi
21:49 <+TJNII> Woah there. :)
21:49 < krzee> haha
21:50 -!- caemir_ [~caemir@unaffiliated/caemir] has joined #openvpn
21:51 -!- caemir [~caemir@unaffiliated/caemir] has quit [Ping timeout: 252 seconds]
21:51 -!- caemir_ is now known as caemir
21:52 < ObamaIsAGangsta> ok last Q for today
21:52 < ObamaIsAGangsta> it makes a crl.pem right
21:52 < ObamaIsAGangsta> do i need to copy a new crl.pem to /openvpn every time i revoke a new client?
21:52 < ObamaIsAGangsta> i guess it wont auto update
21:55 < krzee> correct, and if your setup is secure that requires a file transfer too
21:55 < krzee> since your server is not your CA in a secure environment
22:04 -!- _Danilo_ [~Danilo@unaffiliated/danilo/x-728421] has joined #openvpn
22:07 <+TJNII> krzee: http://secure-computing.net/logs/#openvpn.log doesn't quite return expected content.
22:14 <+TJNII> !say I'm a pretty princess
22:14 <+TJNII> Hmm, the factoid page said that should have gotten a response....
22:18 -!- ObamaIsAGangsta [~newegggg@61.170.211.238] has quit []
22:30 -!- aegidos__ [~admin@p54B5A587.dip.t-dialin.net] has joined #openvpn
22:33 -!- aegidos [~admin@p54B5D570.dip.t-dialin.net] has quit [Ping timeout: 252 seconds]
22:33 -!- aegidos__ is now known as aegidos
22:36 <@EugeneKay> It lied.
23:09 * ecrist returns
23:09 < ecrist> I'm not looking forward to this forum migration
23:09 < ecrist> I've been putting off this ldap module long enough.
23:10 <+TJNII> ldap FT ..... something .....
23:17 < ecrist> ldap is awesome
23:20 <+TJNII> Yea, but its integration is usually somewhat less than ideal...
23:21 < ecrist> not really
23:21 < ecrist> in regards to integration, LDAP can be difficult
23:21 < ecrist> LDAP is a relatively blank canvas and anything you desire can be painted upon it. it's hard to integrate that
23:22 < ecrist> it's not for a lack of support, or desire for support, but it's not really normalized
23:22 < ecrist> though, it can be.
23:22 < ecrist> there are some standards, but it's a matter of which standard to support
23:22 <+TJNII> Yea, that's true,.
23:23 < ecrist> the POSIX standard seems well-supported in LDAP and various software packages
23:23 < ecrist> vb doesn't support LDAP at all, so I'm writing a module for it
23:28 * EugeneKay blinks
23:28 <@EugeneKay> Visual Basic.... LDAP..... module....
23:28 <@EugeneKay> What?
23:28 <@EugeneKay> Oh, vBulletin.
23:28 <@EugeneKay> Less crazy, I suppose.
23:29 <+TJNII> I read that as Visual Basic, too. Was a bit surprised.
23:29 < ecrist> vbulletin
23:29 <@EugeneKay> Still.
23:29 < ecrist> I'm moving the forum to vbulletin this week, provided I get the ldap stuff figured out
23:30 < ecrist> the big negative is I'm not migrating the current content.
23:30 < ecrist> we're going to keep the old content 'live' without write for about a year, then delete them.
23:31 <@EugeneKay> Sounds like a plan
23:39 < ecrist> phpbb sucks on a ~heavily used forum
23:40 < ecrist> and the SEO tools just suck, perioud
23:40 < ecrist> period*
23:41 <@EugeneKay> phpBB just *sucks*
23:41 < ecrist> I can't say that, I did dev for it for a while.
23:42 < ecrist> the team even sent me a silly teddy bear for my efforts
23:42 < ecrist> though, I also contributed to UnrealIRCd
23:42 < ecrist> they at least list me as a contrib there.
--- Day changed Mon Jan 02 2012
00:12 <@vpnHelper> RSS Update - forum: How to implement same key can only one client is online?
00:13 -!- aegidos [~admin@p54B5A587.dip.t-dialin.net] has quit [Quit: aegidos]
00:15 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds]
00:34 -!- aegidos [~admin@tmo-097-101.customers.d1-online.com] has joined #openvpn
00:36 <@vpnHelper> RSS Update - forum: Road Warrior setup
00:38 -!- aegidos [~admin@tmo-097-101.customers.d1-online.com] has quit [Ping timeout: 240 seconds]
00:39 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn
00:49 -!- aegidos_ [~admin@tmo-097-101.customers.d1-online.com] has joined #openvpn
00:49 < aegidos_> good morning :-D
00:52 <+TJNII> Not for another 8 minutes. :D
00:52 < aegidos_> i have to ask you about help for my tunnelblick connection. I am able to connect to my VPN and map network drives and ssh to my debian server, no problem. but the DNS doesn't work and traceroute timed out http://pastebin.com/BiqtQY3n i added the DNS 8.8.8.8 to my network settings on the client
00:54 <+TJNII> Configs?
00:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
00:55 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
00:58 < aegidos_> resolv.conf http://pastebin.com/6ZAPZKap
00:58 <+TJNII> !configs
00:58 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
00:58 < aegidos_> open vpnconf http://pastebin.com/v4ejjxaN
00:59 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn
00:59 <+TJNII> Okay, so you're using "push "redirect-gateway def1""
00:59 <+TJNII> And you said the VPN works to the server side subnet, correct?
01:00 <+TJNII> So the problem is you can get to devices on the same server, but not out to the internet. Correct?
01:00 < aegidos_> yes if i connect to the server i am able to map network drives and ssh to my server
01:00 < aegidos_> yes
01:00 < aegidos_> and i can not ping internally
01:01 <+TJNII> How does the server connect to the internet?
01:01 < aegidos_> ethernet cable, no WLAN. connected to a FritzBox
01:01 < aegidos_> Fritzbox sets up the dyndns
01:02 <+TJNII> So did you configure your server to route VPN traffic to the fritzbox?
01:03 < aegidos_> hm, i guess not.
01:03 <+TJNII> Also, you will either need to SNAT on the server or configure the FritzBox to know about the 10.8.0.0 subnet
01:03 < aegidos_> inside fritzbox i set up a static route from 10.8.0.1 to the openVPN Server
01:04 <+TJNII> You mean set it up so that the server is the gateway for the 10.8.0.0/24 subnet, correct?
01:05 < aegidos_> yes
01:05 <+TJNII> Okay, Good
01:05 <+TJNII> Then all you should need to do is enable ip_forward on the server
01:05 * TJNII says "Let's see if I can remember the bot command..."
01:05 -!- dazo_afk is now known as dazo
01:06 -!- caemir [~caemir@unaffiliated/caemir] has quit [Ping timeout: 240 seconds]
01:06 < aegidos_> !ip_forward
01:06 <+TJNII> !linipforward
01:06 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware
01:07 < aegidos_> okay then i will try this and reboot the server
01:07 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
01:07 < aegidos_> then reconnect from my client
01:07 <+TJNII> Shouldn't have to reboot...
01:07 < aegidos_> nice
01:08 <+TJNII> echo 1 > /proc/sys/net/ipv4/ip_forward will enable it on a running system
01:08 < aegidos_> but while log in via open vpn i am shortly "offline" ^^
01:10 < aegidos_> Fehler 105 (net::ERR_NAME_NOT_RESOLVED): Die DNS-Adresse des Servers kann nicht aufgelöst werden.
01:11 < aegidos_> no connection
01:11 < aegidos_> traceroute timeout
01:12 <+TJNII> pastebin the output of the following from the server: route , iptables -L , iptables -L -t nat
01:12 <+TJNII> It would be helpful if you do that with the client connected
01:14 < aegidos_> okay, one second
01:18 < aegidos_> http://pastebin.com/MbWLVWd2
01:18 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
01:19 <+TJNII> hmmm.... everything looks okay
01:19 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn
01:20 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Read error: Connection reset by peer]
01:20 <+TJNII> At this point I would run tcpdump on eth0 of the server. Try to query 8.8.8.8. See what traffic goes out and what comes back
01:21 < aegidos_> okay how may i execute the dump and send a request to 8.8.8.8?
01:22 <+TJNII> Open the connection. On the server: tcpdump -i eth0. That will log all traffic on eth0. Then run nslookup google.com 8.8.8.8 on the client
01:23 < aegidos_> okay
01:27 -!- aegidos_ [~admin@tmo-097-101.customers.d1-online.com] has quit [Ping timeout: 240 seconds]
01:29 -!- aegidos [~admin@tmo-097-101.customers.d1-online.com] has joined #openvpn
01:29 < aegidos> so i will pastebin the output
01:31 < aegidos> server tcp dump http://pastebin.com/3XfytQhE
01:32 < aegidos> the nslookup client http://pastebin.com/kDZriw3p
01:32 <+TJNII> That worked
01:33 < aegidos> great :-D
01:33 <+TJNII> The client was able to query 8.8.8.8 according to the nslookup output
01:35 < aegidos> but some services in between might drop the packages when waiting for the response
01:35 -!- X0Rc0re [~chatzilla@124.148.205.10] has joined #openvpn
01:35 -!- [capslock] [~root@autodns-212-219-225-239.staffs.ac.uk] has joined #openvpn
01:35 < X0Rc0re> i need help with setting up a VPN in a VPS using OpenVPN
01:35 <+TJNII> okay, 12:35am. Time to sign off.
01:35 -!- [capslock] [~root@autodns-212-219-225-239.staffs.ac.uk] has left #openvpn ["Leaving"]
01:36 <+TJNII> Good luck aegidos
01:36 < aegidos> thanks TJNII !
01:36 < X0Rc0re> I need someone to teamviewer me, as im having a problem
01:40 < X0Rc0re> anyone!?
01:41 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds]
01:43 -!- Jarred [~Jarred@c-71-198-139-210.hsd1.ca.comcast.net] has joined #openvpn
01:43 -!- Jarred [~Jarred@c-71-198-139-210.hsd1.ca.comcast.net] has left #openvpn ["Leaving"]
01:43 < X0Rc0re> ?
01:43 <@vpnHelper> RSS Update - forum: How to implement same key can only one client is online? || Road Warrior setup
01:44 < X0Rc0re> anyone here?
01:46 -!- aegidos [~admin@tmo-097-101.customers.d1-online.com] has quit [Read error: Connection reset by peer]
01:50 <@vpnHelper> RSS Update - forum: New Site-to-Site Tunnel With Partial Connectivity
01:56 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client
02:01 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn
02:02 -!- X0Rc0re [~chatzilla@124.148.205.10] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
02:04 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Read error: Connection reset by peer]
02:06 -!- X0Rc0re [~chatzilla@124.148.205.10] has joined #openvpn
02:07 < X0Rc0re> anyone here?
02:07 < X0Rc0re> ?
02:10 < reiffert> all have died at the big inferno yesterday.
02:13 < X0Rc0re> reiffert: can you help me setup openVPN on debian squeeze VPS?
02:13 < X0Rc0re> i am having a problem
02:13 < X0Rc0re> do you have teamviewer?
02:15 <@dazo> !howto
02:15 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
02:15 <@dazo> X0Rc0re: ^^^
02:15 < X0Rc0re> dazo: i have read it, but i am having problems
02:15 <@dazo> !welcome
02:15 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:15 < X0Rc0re> i can show you on teamviewer
02:16 <@dazo> nope, we don't do teamviewer
02:18 < X0Rc0re> awwww :(
02:18 < X0Rc0re> why not?
02:18 < X0Rc0re> dazo: can i send you the SSH details and you set it up for me?
02:18 < X0Rc0re> please :)
02:18 <@dazo> nope, that way you won't learn anything and you'll just bother us again
02:19 * dazo is tired already and ignores X0Rc0re from now on
02:19 < X0Rc0re> btw dazo can i put this in http://www.eurephia.net/?
02:19 <@vpnHelper> Title: eurephia :: a flexible OpenVPN authentication module (at www.eurephia.net)
02:19 <@dazo> X0Rc0re: put what in?
02:19 <@dazo> you can use eurephia with OpenVPN on Debian
02:19 < X0Rc0re> http://www.eurephia.net/ the auth plugin
02:19 <@vpnHelper> Title: eurephia :: a flexible OpenVPN authentication module (at www.eurephia.net)
02:20 <@dazo> I know that plug-in ... I wrote it
02:20 < X0Rc0re> can i use it?
02:20 < X0Rc0re> nice :D
02:20 <@dazo> Yeah, that plug-in does work very well ... but reading the docs is a must
02:20 < X0Rc0re> so does it allow other users to connect to your VPN?
02:20 < X0Rc0re> my VPN*
02:21 < X0Rc0re> ?
02:22 <@dazo> that plug-in does extend the authentication to require certificate, username and passwords to match ... and it will then update iptables on-the-fly to give a restricted VPN access
02:22 <@dazo> but you need to create user accounts and certificates to your users ... with that in place, these clients can access the VPN
02:22 < X0Rc0re> So, i can create users and let people connect to my VPN?
02:22 < X0Rc0re> ok :)
02:22 <@dazo> yeah, that's kind of the point
02:26 < X0Rc0re> dazo: about how long would it take me to setup OpenVPN and eurephia?
02:26 <@dazo> X0Rc0re: some people have done it in hours ... some needed weeks
02:26 <@dazo> depends on your experience with VPN
02:26 < X0Rc0re> none :s
02:26 <@dazo> start with getting OpenVPN working first, without eurephia ... when that's done ... then add eurephia
02:28 <@dazo> I'll help you with the eurephia stuff when you have OpenVPN running .... for OpenVPN support, you probably need to wait some hours as people wake up ... most people here are located in the US and Europe, and Europe is beginning to wake up now
02:28 < X0Rc0re> yea ok thanx ;)
02:29 < X0Rc0re> i followed this tutorial http://switzernet.com/public/081215-openvpn-client/main.htm
02:29 <@vpnHelper> Title: Install openvpn server on debian (at switzernet.com)
02:29 < X0Rc0re> but not sure what to put in the config file
02:30 <@dazo> rather spend time reading the official OpenVPN how-to's ... that'll save you confusion ... and it is *expected* that people seeking help here are familiar with that howto
02:30 <@dazo> !howto
02:30 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
02:31 < X0Rc0re> ok
02:32 <@dazo> another good resource is "OpenVPN Cookbook" by Jan Just Keijser ... it's a book, with good recipes how to get started with OpenVPN
02:32 < X0Rc0re> ok thanx :)
02:32 <@dazo> JJK is active in our OpenVPN community ... so that's a safe guide
02:32 < X0Rc0re> :)
03:26 <@vpnHelper> RSS Update - forum: Setup on server connected directly to WAN.
03:34 < X0Rc0re> do i have enter stuff for Distinguished name?
03:43 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
03:43 -!- mode/#openvpn [+o mattock] by ChanServ
03:50 -!- nb [~nb@fedora/znc.nb] has quit [Ping timeout: 268 seconds]
03:51 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
03:51 < hyper_ch> dazo: EugeneKay: krzee: http://www.golem.de/1201/88732.html -- new method to store encryption keys in the CPU instead of the ram in order to prevent cold boot attacks
03:51 <@vpnHelper> Title: Sicherheit: Tresor verschlüsselt Festplatten ohne RAM - Golem.de (at www.golem.de)
03:52 -!- hyper_ch was kicked from #openvpn by EugeneKay [Cool story bro.]
03:52 -!- hyper_ch [~hyper_ch@ks357331.kimsufi.com] has joined #openvpn
03:53 < hyper_ch> dazo: EugeneKay: krzee: The whitepaper in english http://www1.informatik.uni-erlangen.de/tresorfiles/tresor.pdf
03:56 <@dazo> hyper_ch: nice!
03:57 < hyper_ch> dazo: comes with a patch... the golem article says that on AES-NI you shouldn't notice any degradation of performance
03:58 < hyper_ch> but on CPUs without AES-NI you'll notice a loss in performance
03:59 < hyper_ch> dazo: http://www1.informatik.uni-erlangen.de/tresor
03:59 <@vpnHelper> Title: TRESOR Runs Encryption Securely Outside RAM | IT-Sicherheitsinfrastrukturen (Informatik 1) (at www1.informatik.uni-erlangen.de)
04:02 <@vpnHelper> RSS Update - forum: TLS negotiation failed with UDP
04:03 <@dazo> hyper_ch: that patch is more for the in-kernel encryption layer ... which openssl don't use ... but such a feature for openssl would be neat!
04:04 < hyper_ch> dazo: I'll await a feedback after you have studied it :)
04:04 <@dazo> hehehe
04:04 < hyper_ch> does openssl use aes?
04:06 <@dazo> openssl supports aes as encryption algorithm, and it supports aes-ni instruction set on CPUs supporting this
04:07 < hyper_ch> so if you have aes-ni cpu won't it then help?
04:07 <@dazo> it can help ... but I see one key point in the paper which makes user-space usage of the in-cpu key storage less ideal
04:08 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has joined #openvpn
04:08 * ObamaIsAGangsta dissapointed in obama
04:08 <@dazo> as registers may be swapped out and non-swapped-out registers may be accessible by other applications
04:08 -!- ObamaIsAGangsta was kicked from #openvpn by dazo [this is not a political channel]
04:09 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has joined #openvpn
04:09 < hyper_ch> dazo: can you explain that in layman's terms?
04:10 < X0Rc0re> http://screensnapr.com/v/ayvTmP.png <<< do i put in 127.0.0.1 there? and the server IP?
04:10 <@vpnHelper> Title: View ayvTmP.png on ScreenSnapr (at screensnapr.com)
04:12 <@dazo> X0Rc0re: do you know what 127.0.0.1 means? and what that will do if you ask a server process to listen to only that IP?
04:12 < hyper_ch> X0Rc0re: for generating the config files you can use the confgen tool by krzee
04:12 < hyper_ch> !confgen
04:12 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/
04:12 < X0Rc0re> its your loacal IP
04:12 < X0Rc0re> oh thanx :D
04:12 <@dazo> X0Rc0re: well, yes and no ... it is an IP address only accessible on that host
04:13 <@dazo> X0Rc0re: so if I ask you to hack 127.0.0.1 ... you'll just hack your own box
04:13 <@vpnHelper> RSS Update - forum: [ask] server behind router
04:13 < X0Rc0re> yea :p
04:13 < X0Rc0re> how do i run confgen?
04:15 <@dazo> hyper_ch: to run more applications in "parallel" (multi-tasking) the kernel's scheduler let a task (f.ex. an application) run for a certain time ... then it halts the running saves all CPU registers and puts it into RAM, load registers for the next task in the work queue and let that task run for a while, until it swaps it out again with yet another task in the work queue
04:15 <@dazo> of course, this gets even more complicated if you're having more CPU cores available ... but the principle is the same
04:16 <@dazo> so that means that if an application may access the key storage in the CPU, it may not be locked down for only one application ... more applications may get access to this information
04:17 <@dazo> *but* if the kernel is the "owner" of the CPU based key storage ... the kernel can make sure only the proper applications gets access to the corresponding keys in the key storage and nothing else
04:18 <@dazo> This will not be that trivial to implement in openssl ... as that will be a very Linux specific feature (at least for now)
04:18 < X0Rc0re> simple terms?
04:18 < X0Rc0re> :p
04:18 < X0Rc0re> wait nvm
04:19 <@dazo> X0Rc0re: to quote Albert Einstein: Make it as simple as possible, but no simpler
04:21 -!- master_of_master [~master_of@p57B52E02.dip.t-dialin.net] has quit [Ping timeout: 240 seconds]
04:23 -!- master_of_master [~master_of@p57B55B06.dip.t-dialin.net] has joined #openvpn
04:28 < ObamaIsAGangsta> anyone know when 2.3 comes out
04:28 < ObamaIsAGangsta> looking forward to ipv6 full support
04:29 < X0Rc0re> dazo :p
04:30 <@dazo> ObamaIsAGangsta: no release date is set ... and we're still tweaking things for the alpha/beta releases ... hopefully we're getting something out around FOSDEM in beginning of February
04:30 < ObamaIsAGangsta> oh, your part of the dev team
04:30 <@dazo> ObamaIsAGangsta: but latest snapshots are considered runnable
04:31 <@dazo> ObamaIsAGangsta: I'm currently the gatekeeper of the community git tree for OpenVPN
04:31 <@dazo> !snapshots
04:31 <@vpnHelper> "snapshots" is (#1) weekly dev snapshots are available from ftp://ftp.secure-computing.net/pub/openvpn or (#2) by helping test these features, and reporting back on either of the mailing lists, you can help these features become part of the stable branch
04:31 < ObamaIsAGangsta> there's gonna have to be some good how to's... ipv6 is very confusing to most people
04:32 < X0Rc0re> how do you run bash scripts in windows?
04:32 <@dazo> ObamaIsAGangsta: we're not going to teach people IPv6 ... that somebody else need to do ... but we'll cover how to configure the IPv6 support
04:32 <@dazo> X0Rc0re: you normally don't
04:32 <@dazo> X0Rc0re: unless you install cygwin
04:32 < X0Rc0re> what is .sh file extension?
04:32 < X0Rc0re> how do i run it in windows?
04:33 <@dazo> X0Rc0re: the confgen stuff is written for POSIX shell (meaning not Windows)
04:33 < X0Rc0re> :(
04:33 < ObamaIsAGangsta> just to clarify, this won't be tunning ipv6 using ipv4 packets as the carrier, it'll be ipv6 packets carrying the encrypted packets
04:33 <@dazo> X0Rc0re: you got it wrong .... Windows s**ks
04:33 < X0Rc0re> dazo, i also have linux and mac osx
04:34 < X0Rc0re> linux i have slackware
04:34 < X0Rc0re> distro
04:34 < ObamaIsAGangsta> windows 7 fan here
04:34 < ObamaIsAGangsta> give your gf a laptop with linux and she'll find it confusing
04:34 <@dazo> ObamaIsAGangsta: full IPv6 support means both supporting OpenVPN connections over IPv6 *and* transporting IPv6 packets inside the VPN tunnel
04:34 < ObamaIsAGangsta> sweet
04:34 < ObamaIsAGangsta> good job
04:34 <@dazo> X0Rc0re: so use linux or osx
04:35 < X0Rc0re> i use windows mainly
04:35 < X0Rc0re> but i use both equally
04:35 < X0Rc0re> i have leopard not lion
04:35 <@dazo> doesn't matter ... as long as you have bash available
04:36 < X0Rc0re> yea, ill go on them later
04:56 < hyper_ch> dazo: thx :)
05:19 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn
05:20 < ObamaIsAGangsta> some people dont know how to read
05:28 -!- Guest64230 [~nb@delta.bebout.us] has joined #openvpn
05:36 < X0Rc0re> I dont :dumb:
05:36 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has joined #openvpn
05:36 < aegidos> hello everybody
05:38 < X0Rc0re> hey
05:38 < aegidos> having trouble with my openVPN, nslookup on client works but if i open a browser the dns doesn't work, always page timeouts
05:38 < aegidos> http://pastebin.com/kDZriw3p
05:38 < aegidos> IRC doesn't work either, if i'm connected to my VPN
05:38 < aegidos> but mapping of networkdrives inside my VPN works
05:43 -!- Champi [Champi@rootshell.fr] has quit [Ping timeout: 252 seconds]
05:46 -!- Champi [Champi@rootshell.fr] has joined #openvpn
05:53 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
05:57 -!- zirikili [~cj@201.59.200.137] has joined #openvpn
05:57 < zirikili> hi guys... happy new year!
05:58 < zirikili> is there a network lenght limit for one instance of OpenVPN? I mean, may I use a class B network for my clients?
06:03 < hyper_ch> what's a class b network?
06:04 <@dazo> Usually a /16 subnet
06:04 <@dazo> (iirc)
06:04 < hyper_ch> dazo: you speak again geek :)
06:04 * hyper_ch is a network noob
06:04 <@dazo> hyper_ch: subnet mask is 16 bits .... 255.255.0.0
06:05 <@dazo> !1918
06:05 <@vpnHelper> "1918" is (#1) RFC1918 makes three unique netblocks available for private use: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 or (#2) see also: http://en.wikipedia.org/wiki/Private_network or http://www.faqs.org/rfcs/rfc1918.html or (#3) Too lazy to find your own subnet? Try this one: http://scarydevilmonastery.net/subnet.cgi
06:05 < hyper_ch> because 8 bit is 256
06:05 < hyper_ch> and 16bit is a lot more?
06:05 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has quit [Ping timeout: 276 seconds]
06:05 -!- zirikili [~cj@201.59.200.137] has quit [Quit: leaving]
06:05 < hyper_ch> I still don't get it.... all those network description thingies are so difficult :)
06:07 <@dazo> hyper_ch: /24 subnets (8 bits available for addressing, 24 as a "fixed network prefix") is 255.255.255.0
06:07 < hyper_ch> I just whoised who owns my birthday IP, having used: DD.MM.YY.YY
06:07 < hyper_ch> it's xerox
06:07 <@dazo> so increasing to to /16 (16 bits available for addressing, 16 "fixed network prefix") ... actually doubles the /24 net 8 times
06:07 < hyper_ch> well, DD.MM.19.YY
06:08 <@dazo> (9 bits is twice as big as 8 bits, 10 bits are quadrupled from 8 bits)
06:11 < ObamaIsAGangsta> just use 255.0.0.0
06:11 < ObamaIsAGangsta> plenty
06:11 < hyper_ch> dazo: I think I get it slowly
06:18 <@dazo> ObamaIsAGangsta: in most networks, /24 nets (255.255.255.0) is more than plentiful .... using /18 or /16 covers absolutely the rest of most need ... going to /8 without really needing it is basically just clueless setups
06:19 <@dazo> hyper_ch: http://en.wikipedia.org/wiki/IPv4_subnetting_reference
06:20 <@vpnHelper> Title: IPv4 subnetting reference - Wikipedia, the free encyclopedia (at en.wikipedia.org)
06:20 < ObamaIsAGangsta> 256
06:20 < ObamaIsAGangsta> then divide by 3
06:21 < ObamaIsAGangsta> gives what, 80 clients can connect
06:21 < ObamaIsAGangsta> not enough for a big vpn operation
06:22 <@dazo> ObamaIsAGangsta: why divide by 3?
06:22 < ObamaIsAGangsta> thats what openvpn does
06:22 < ObamaIsAGangsta> uses up 3 for each client
06:22 < ObamaIsAGangsta> i read it somewhere
06:22 <@dazo> ObamaIsAGangsta: ahh, if you use --topology subnet ... you'll avoid that
06:22 < ObamaIsAGangsta> ipp.txt will say 10.8.0.4 for a client, but that client will be given 10.8.0.6
06:23 <@dazo> default (legacy from early openvpn days) is to use /30 nets for each client
06:23 <@dazo> !/30
06:23 <@vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html (sorry for the long link, they wont fix the anchors) explains why routed clients each use 4 ips or (#2) you can avoid this behavior by reading !topology or (#3) so by default, first client is .6, then .10 .14 .18 etc etc or (#4) use
06:23 <@vpnHelper> openvpn --show-valid-subnets to see the subnets you can use in net30
06:24 <@dazo> so dividing on 4, is more correct when using the default /30 setup
06:24 < ObamaIsAGangsta> so its actually 4
06:24 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has joined #openvpn
06:24 < ObamaIsAGangsta> yea i see it now
06:25 -!- caemir_ [~caemir@unaffiliated/caemir] has joined #openvpn
06:25 -!- caemir [~caemir@unaffiliated/caemir] has quit [Ping timeout: 240 seconds]
06:25 -!- caemir_ is now known as caemir
06:25 < ObamaIsAGangsta> so 24 net = around 6000 clients
06:25 < ObamaIsAGangsta> 16k rather
06:27 < ObamaIsAGangsta> to allow more you just put server 255.255.0.0 10.8.0.0 right?
06:27 <@dazo> server 10.8.0.0 255.255.0.0
06:28 < ObamaIsAGangsta> ah yea
06:28 <@dazo> that'll give you a /16 subnet .... which is the maximum OpenVPN can tackle
06:28 < ObamaIsAGangsta> well there's no way 1 cpu core could ever handle that many clients anyway
06:28 <@dazo> That'll give you 16384 client networks
06:28 <@dazo> exactly
06:29 <@dazo> And OpenVPN already due to the single thread approach is already struggling when reaching ~150 clients
06:29 <@dazo> (if all clients are network intensive, or f.ex. using TAP and not TUN)
06:30 < ObamaIsAGangsta> one could run another openvpn daemon per core
06:30 < ObamaIsAGangsta> not sure if they'd both pick out addresses from the same pool though
06:31 <@dazo> yeah, but then its clever to let each openvpn use its own subnet
06:31 < ObamaIsAGangsta> never tried setting up two instances running
06:31 -!- caemir [~caemir@unaffiliated/caemir] has quit [Ping timeout: 240 seconds]
06:31 <@dazo> or else the routing is going to be far more complicated
06:31 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
06:31 < ObamaIsAGangsta> so other one could be server 10.9.0.0 255.255.0.0
06:32 < ObamaIsAGangsta> add seperate nat rule etc
06:32 <@vpnHelper> RSS Update - forum: openvpn and source based routing
06:34 < hyper_ch> dazo: EugeneKay: krphop_: http://motivatedcats.iblogger.org/images/cat_tinfoil.jpg
06:34 <@dazo> :-P
06:34 < hyper_ch> I have to prep my furballs :)
06:34 < ObamaIsAGangsta> should be kicked
06:34 < ObamaIsAGangsta> i was kick for mention government
06:35 -!- Cubox [~Cubox@unaffiliated/cubox] has quit [Remote host closed the connection]
06:35 -!- Cubox [~Cubox@unaffiliated/cubox] has joined #openvpn
06:36 < X0Rc0re> With OpenVPN, do the people connecting to the VPN have a GUI to connect?
06:36 < X0Rc0re> can they connect using this : http://openvpn.net/index.php/open-source/documentation/howto.html#config
06:36 <@vpnHelper> Title: HOWTO (at openvpn.net)
06:36 < ObamaIsAGangsta> are there any decent how to's online dealing with running multiple instances
06:36 < X0Rc0re> oops
06:36 < ObamaIsAGangsta> interesting stuff
06:36 < X0Rc0re> http://screensnapr.com/v/mwvGKO.png
06:36 <@vpnHelper> Title: View mwvGKO.png on ScreenSnapr (at screensnapr.com)
06:37 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn
06:38 < X0Rc0re> dazo: how do users connect to Eurephi?a
06:38 < X0Rc0re> ?
06:38 < X0Rc0re> SSH runneling?
06:38 <@dazo> X0Rc0re: users don't connect to eurephia ... they connect to an openvpn server
06:38 < X0Rc0re> tunneling*
06:38 < X0Rc0re> well i mean auth*
06:39 < X0Rc0re> do they authenticate through putty?
06:39 <@dazo> X0Rc0re: you obviously haven't read the documentation
06:39 < ObamaIsAGangsta> i told him to
06:39 < ObamaIsAGangsta> got tired of spoon feed
06:39 <@dazo> X0Rc0re: openvpn clients needs to to be told to ask for username/password .... but *before* you think about that .... just ignore eurephia and get openvpn working
06:40 <@dazo> without username/password authentication
06:40 <@dazo> when that works, you have a setup ready to be expanded
06:40 < X0Rc0re> ok :)
06:45 < ObamaIsAGangsta> this is a good pic for any1 not understanding ip
06:45 < ObamaIsAGangsta> http://www.ripe.net/images/cidr_working42.jpg
06:50 < X0Rc0re> May i just ask, how many people can connect to the VPN at once?
06:57 -!- X0Rc0re_ [~chatzilla@203-206-79-95.dyn.iinet.net.au] has joined #openvpn
06:59 -!- X0Rc0re [~chatzilla@124.148.205.10] has quit [Ping timeout: 260 seconds]
06:59 -!- X0Rc0re_ is now known as X0Rc0re
07:05 <@dazo> X0Rc0re: many ... up to 150 without any problem ... for more than 150, it depends on your config
07:06 <@dazo> and how much traffic your clients push through the tunnel
07:13 -!- X0Rc0re_ [~chatzilla@124-169-237-96.dyn.iinet.net.au] has joined #openvpn
07:13 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has quit [Ping timeout: 244 seconds]
07:13 < ErichG> Good morning all. I'm trying to get a site-site bridging server up and running on OSX Lion. I have successfully installed the tap driver, and the site B server (tomatoVPN) successfully connects and exchanges packets on the tap....
07:13 < ErichG> the problem is that I can't figure out how to actually make a bridge device on the Mac.
07:14 -!- X0Rc0re [~chatzilla@203-206-79-95.dyn.iinet.net.au] has quit [Ping timeout: 252 seconds]
07:14 -!- X0Rc0re_ is now known as X0Rc0re
07:15 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has joined #openvpn
07:16 < ObamaIsAGangsta> how come this isnt working
07:16 < ObamaIsAGangsta> openvpn --daemon --config /etc/openvpn/secondcore/server.conf
07:16 < ObamaIsAGangsta> should start my 2nd instance
07:18 <@dazo> ObamaIsAGangsta: what does the log say?
07:18 -!- aegidos [~admin@tmo-103-47.customers.d1-online.com] has quit [Client Quit]
07:18 <@dazo> ErichG: just a control question first: Why do you need to bridge the network?
07:18 -!- X0Rc0re [~chatzilla@124-169-237-96.dyn.iinet.net.au] has quit [Read error: Connection reset by peer]
07:19 < ErichG> dazo: One of the main purposes of the VPN is to get NAT out of freeswitch.
07:19 -!- aegidos [~admin@tmo-103-96.customers.d1-online.com] has joined #openvpn
07:20 < ErichG> otherwise I would route
07:20 < ObamaIsAGangsta> there's no server log to look at, its supposed to create its own seperate log in secondcore dir
07:20 < ObamaIsAGangsta> otherwise the two logs would be overwriting eachother
07:21 < ErichG> dazo: sorry for that sentence... essentially I have a lot of SIP clients connecting to a remote server.
07:21 < ErichG> also.. I've had this working for years under linux..
07:23 <@dazo> ObamaIsAGangsta: just add --log /tmp/openvpn.log ... and you'll get it
07:24 -!- aegidos [~admin@tmo-103-96.customers.d1-online.com] has left #openvpn []
07:24 <@vpnHelper> RSS Update - forum: Date-Time stamp in log name
07:26 < ObamaIsAGangsta> ok now 2 processes show up on htop
07:26 -!- rawplayer [~foo@shell.students.os3.nl] has joined #openvpn
07:26 < ObamaIsAGangsta> normally i just start openvpn by tying service openvpn start
07:26 <@dazo> ErichG: okay ... well, I don't know much about OSX .... but in general, SIP should (in theory) work fine on non-bridged network (using routing) as well ... you basically need TAP and bridging when the broadcast traffic is important in the network
07:27 -!- X0Rc0re [~chatzilla@58-7-211-238.dyn.iinet.net.au] has joined #openvpn
07:27 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has quit [Read error: Connection reset by peer]
07:27 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has joined #openvpn
07:32 < ErichG> dazo: thanks for the advice - I'll give it a shot... (I had been enjoying some broadcast dependent features of OSX, like bonjour service advertising... iTunes sharing).
07:32 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has quit [Ping timeout: 276 seconds]
07:33 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has joined #openvpn
07:34 <@dazo> yeah, bonjour/mdns and such stuff uses a lot of multicast and broadcast traffic
07:34 < ErichG> to the room - if there are any Mac experts who are also OPVN devs, it would be great to get some docs out on how to bridge in Lion. All the best everyone, Happy New Year!
07:34 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has quit [Read error: Connection reset by peer]
07:34 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has joined #openvpn
07:34 <@dazo> ErichG: my guess is that krzee and/or ecrist are those who knows most about ovpn and osx
07:35 < ErichG> dazo: thanks - I'll have a loot for them.
07:35 -!- X0Rc0re [~chatzilla@58-7-211-238.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
07:36 -!- aegidos [~admin@tmo-102-35.customers.d1-online.com] has joined #openvpn
07:36 < aegidos> Hy i don't get it. my openvpn is running and i can connect to my home debian machine
07:36 < ErichG> s/loot/look lol
07:36 < aegidos> network mapping is working
07:37 < aegidos> browsing with IP is workung
07:37 < aegidos> but DNS isn't workung
07:37 < aegidos> working
07:37 <@dazo> !dns
07:37 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns
07:37 <@dazo> !pushdns
07:37 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also
07:37 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7
07:37 < aegidos> i even pushed the ip over push dhcp
07:37 <@dazo> aegidos: which os?
07:37 <@dazo> Windows?
07:37 < aegidos> 8.8.8.8 DNS pushed to clients doesnt work dazo
07:37 < aegidos> OS X + Tunnelblick
07:38 < aegidos> nslookup works either on the client
07:39 <@dazo> aegidos: ahh, okay ... sorry, I don't know much about osx ... but I believe /etc/resolv.conf should get updated
07:39 < aegidos> but i can not route out of my network
07:39 < aegidos> i updated resolve.conf
07:39 < ObamaIsAGangsta> hmm i see that by itself it has added a new tun device, tun1
07:39 < ObamaIsAGangsta> normal?
07:39 <@dazo> if you can't route out of your network ... you got routing or firewall/nat issues
07:40 < ObamaIsAGangsta> i was able to connect to the second instance and ping 10.9.0.1
07:40 <@dazo> ObamaIsAGangsta: yupp, that's normal ... one tun/tap device per openvpn process
07:40 < ObamaIsAGangsta> what im doing is just academic interest i guess, my average load per 1 core is 0.02 over last 30 days lol
07:41 < aegidos> okay firewall issues might indicated my iptables is blocking sth but i did masquerading and this stuff too
07:41 < aegidos> http://forums.openvpn.net/topic9504.html#p19077
07:41 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN+Shorewall. Internal routing OK, external fails : Server Administration (at forums.openvpn.net)
07:41 <@dazo> aegidos: use tcpdump or wireshark to see if the dns requests goes out on the proper interfaces on your vpn server
07:42 < aegidos> yes tcpdump does: http://pastebin.com/3XfytQhE
07:43 < aegidos> it does some DNS on d1-online what seems to be the google DNS 8.8.8.8
07:44 < ObamaIsAGangsta> i'm guessing this is the only firewall change needed? http://pastebin.com/LQBRTs18
07:44 < ObamaIsAGangsta> just some new forward and nat rules
07:45 < aegidos> i could try this again ObamalsAGansta
07:47 < aegidos> iptables postrouting doesn't work either
07:47 -!- rommel092079 [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has joined #openvpn
07:48 < ObamaIsAGangsta> ?
07:48 < aegidos> i tried your code from pastebin
07:48 < aegidos> http://pastebin.com/LQBRTs18
07:51 -!- akm22562 [~andrew.mi@99-89-67-145.uvs.lsvlky.sbcglobal.net] has joined #openvpn
07:51 <@dazo> that looks fine (I would probably use -j DROP instead of -j REJECT, but that's nitpicking)
07:52 <@dazo> aegidos: what does tcpdump of the tunnel interface say on the server? (please apply -n to tcpdump to make it more readable)
07:52 -!- ObamaIsAGangsta [~newegggg@208.111.39.186] has quit [Read error: Connection reset by peer]
07:52 -!- ObamaIsAGangsta [~newegggg@61.170.211.238] has joined #openvpn
07:52 <@vpnHelper> RSS Update - forum: How to implement same key can only one client is online? || OpenVPN+Shorewall. Internal routing OK, external fails
07:53 < ObamaIsAGangsta> works
07:53 < ObamaIsAGangsta> am now connected from the 2nd daemon ;)
07:53 < aegidos> hm
07:53 < ObamaIsAGangsta> just dont know how to bind it to the other cpu core
07:53 < ObamaIsAGangsta> but thats more of a linux question
07:53 <@dazo> ObamaIsAGangsta: yeah, look for taskset ... CPU affinity is the feature you'll be looking for
07:54 < rommel092079> sir dazo, our ISP has its own dns. and with their own dns, when I use vpn, there is no internet. moreover, if I use other public or private dns, there is no internet still. if this is the situation, I cannot use vpn traffic
07:55 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
07:57 < akm22562> I feel stupid asking this but... I have a site-to-site shared key tunnel setup. It works great from both LANs. However, if I VPN into to a LAN, I can't talk down the tunnel. Can anyone offer advise, please?
07:58 <@dazo> !route
07:58 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
07:58 <@dazo> akm22562: ^^
07:59 < ObamaIsAGangsta> i do find it a little odd that both process look different, only difference is port number in configs and ippool
07:59 < ObamaIsAGangsta> http://screensnapr.com/v/ahRe3s.png
07:59 <@vpnHelper> Title: View ahRe3s.png on ScreenSnapr (at screensnapr.com)
08:00 <@dazo> ObamaIsAGangsta: process 3534 is started via a init script most likely, while your other process is started manually
08:01 < ObamaIsAGangsta> that is what happened, seems the manual one hasn't chrooted itself properly
08:01 < ObamaIsAGangsta> to /var/run/openvpn
08:02 <@dazo> ObamaIsAGangsta: which distro are you on?
08:02 < ObamaIsAGangsta> centos 5.5
08:02 -!- rommel092079 [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has quit [Quit: Page closed]
08:03 <@dazo> then it should be enough to have your second config in /etc/openvpn and do a 'service openvpn restart' ....
08:03 < ObamaIsAGangsta> yea but i can't have two files both named server.conf
08:03 -!- aegidos [~admin@tmo-102-35.customers.d1-online.com] has quit [Read error: Connection reset by peer]
08:03 < ObamaIsAGangsta> as i know it looks for that name not xxx.conf
08:03 <@dazo> ObamaIsAGangsta: just give it another name (server2.conf)
08:03 < ObamaIsAGangsta> ahhhh ok
08:04 <@dazo> iirc, it looks for /etc/openvpn/*.conf
08:04 -!- aegidos [~admin@tmo-102-35.customers.d1-online.com] has joined #openvpn
08:04 < ObamaIsAGangsta> convenient then wont have to copy all the key crts to new dir
08:04 <@dazo> :)
08:04 < ErichG> dazo: et.al. I just discovered that, unlike FreeBSD, in OSX Lion you actually have to specify a device number, ala, #ifconfig bridge0 create. FreeBSD looks for existing bridges and adds an index automatically. People have been waiting for bridging in OSX forever.. so you may start seeing this question more.
08:05 <@dazo> ahh
08:05 < ErichG> made me feel pretty tupid, lol.
08:05 <@dazo> s/t/c/ :-P
08:05 < ErichG> lol
08:06 < ErichG> cheers all - enjoy the day!
08:06 <@dazo> u2
08:06 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has left #openvpn []
08:08 < ObamaIsAGangsta> it only started server.conf process
08:08 -!- aegidos [~admin@tmo-102-35.customers.d1-online.com] has quit [Ping timeout: 252 seconds]
08:11 <@dazo> ObamaIsAGangsta: then checking /var/log/messages .... or other log files might be an idea
08:12 <@dazo> I just checked /etc/init.d/openvpn on a CentOS 5.7 box, and it should be decent enough to start all configs
08:14 < ObamaIsAGangsta> disabled privacy extensions tun1
08:15 < ObamaIsAGangsta> ahh nevermind
08:15 < ObamaIsAGangsta> im silly, i put both conf files in /secondcore
08:19 <@vpnHelper> RSS Update - forum: How to implement same key can only one client is online? || possible ways to establish ddns updates for openvpn clients
08:19 < ObamaIsAGangsta> working ;)
08:20 < ObamaIsAGangsta> thanks you really are the resident expert in here
08:21 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn
08:25 <@vpnHelper> RSS Update - forum: TLS negotiation failed with UDP
08:26 -!- akm22562 [~andrew.mi@99-89-67-145.uvs.lsvlky.sbcglobal.net] has quit [Remote host closed the connection]
08:30 < ObamaIsAGangsta> its so easy to do i dont see why multicore support is a big deal
08:32 < ObamaIsAGangsta> just noticed i can ping 10.8.0.1 and 10.9.0.1 when connected via either daemon
08:32 < ObamaIsAGangsta> guess makes sense
08:32 < ObamaIsAGangsta> anyway time to sleep thanks every1
08:33 -!- ObamaIsAGangsta [~newegggg@61.170.211.238] has quit []
08:36 -!- Mowee [~Mowi@lendabrain.net] has joined #openvpn
08:37 <@vpnHelper> RSS Update - forum: Road Warrior setup || How to implement same key can only one client is online? || New Site-to-Site Tunnel With Partial Connectivity
08:37 -!- Guest64230 [~nb@delta.bebout.us] has quit [Changing host]
08:37 -!- Guest64230 [~nb@fedora/znc.nb] has joined #openvpn
08:38 -!- Guest64230 [~nb@fedora/znc.nb] has quit [Quit: ZNC - http://znc.in]
08:43 <@vpnHelper> RSS Update - forum: [resoved]How to implement same key can only one client ...
08:49 -!- nb [~nb@fedora/znc.nb] has joined #openvpn
08:52 -!- Cubox [~Cubox@unaffiliated/cubox] has quit [Quit: WeeChat 0.3.7-dev]
09:02 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!]
09:13 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 252 seconds]
09:22 < ecrist> did ErichG get his problem solved, dazo?
09:23 <@dazo> ecrist: yeah, it was that osx requires the bridge index number ... while *bsd don't need it and does the indexing automatically
09:24 < ecrist> os x bridge support is new in 10.7, fwiw
09:26 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
09:29 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has joined #openvpn
09:43 -!- pierreghz [~pierreghz@cust-215-74-111-94.dyn.as47377.net] has joined #openvpn
09:55 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn
10:02 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn
10:02 < aegidos> nabend
10:02 < aegidos> unbelievable
10:03 < aegidos> my vpn works a little bit better than today morning
10:03 < aegidos> but the client isn`t able to access the internet
10:03 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
10:03 < aegidos> DNS doesn't work, IRC doesn't work either
10:03 < aegidos> !pushdns
10:03 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also
10:03 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7
10:04 < aegidos> already tried this but it doesn't work
10:04 < aegidos> if i am in my VPN i can ssh to the openVPN Server
10:04 < aegidos> the server can browse, i tried with command line warrior browser w3m :-D
10:05 < aegidos> but not the client
10:05 < aegidos> anybody some routing experience, why the client can not browse?
10:06 < ecrist> !def1
10:06 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
10:07 < ecrist> are you handing out 'real' IPs, or are you using NAT for VPN clients
10:08 < aegidos> there is a NAT implemented to do a translation between 10.8.0.0 and gateway 192.168.178.77
10:08 < aegidos> a static route was added to my fritzbox
10:09 < ecrist> !welcome
10:09 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:10 < aegidos> http://pastebin.com/MbWLVWd2
10:10 < aegidos> http://pastebin.com/HdXeAycM
10:11 < aegidos> here my server conf http://pastebin.com/GNviTvUQ
10:12 < aegidos> my client.conf http://pastebin.com/GE06sZ73
10:12 < aegidos> I'm running OSX Snow LEO and using Tunnelblick to connect
10:13 < ecrist> as the client or the server?
10:13 < aegidos> openvpn is running over debian
10:13 < aegidos> the client is OSX the server debian
10:15 < ecrist> with the VPN up, show me `netstat -rn` on the mac
10:16 < ecrist> also, unless you have a good reason, you should be using UDP instead of TCP
10:16 < aegidos> okay, my IRC will exit if i connect to vpn
10:16 < aegidos> okay i can change to UDP on server and client side no problem
10:17 < ecrist> !tcp
10:17 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
10:18 -!- aegidos_ [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn
10:18 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Read error: Connection reset by peer]
10:18 -!- aegidos_ is now known as aegidos
10:18 < aegidos> http://pastebin.com/h2FcZdTw
10:19 < ecrist> is your VPN server and VPN client on the same lan?
10:19 < aegidos> now they are yes
10:19 < ecrist> that's not going to work.
10:20 < aegidos> okay than i will make a netstat when i'm outside and connected via mobile phone tethering
10:20 < aegidos> +
10:20 < ecrist> there you go
10:20 < aegidos> thanks a lot !!
10:21 < aegidos> seems that you will crack that nut :-D
10:21 < ecrist> ?
10:22 < aegidos> had today some discussions about my problem but nobody could help me 10:22 < ecrist> many users here are from the US, and today is a business holiday 10:23 < ecrist> I just happen to be using today to work on the openvpn forum 10:23 <@vpnHelper> RSS Update - forum: Bridging on Windows Server 2008 R2 10:24 < aegidos> okay cool 10:24 < aegidos> going to reboot 10:24 < ecrist> not sure why you need to reboot 10:24 < ecrist> but enjoy 10:25 < aegidos> changed my tunnelblick config to udp :-D 10:25 < ecrist> no need to reboot 10:25 < aegidos> okay then i will stay 10:25 < ecrist> next time you connect, it just uses the config 10:27 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 10:27 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 10:27 < aegidos> okay that should work 10:28 < aegidos> but now i'm switching to tethering. short time disconnected ... 10:30 -!- pierreghz [~pierreghz@cust-215-74-111-94.dyn.as47377.net] has quit [Ping timeout: 252 seconds] 10:30 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 10:33 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 10:34 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 10:35 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Client Quit] 10:36 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 10:38 -!- aegidos_ [~admin@tmo-103-185.customers.d1-online.com] has joined #openvpn 10:38 < aegidos_> okay again here 10:40 < hyper_ch> hi ecrist 10:40 < aegidos_> now i changed to UDP and get a new error 10:40 < aegidos_> http://pastebin.com/7Ch4uzbf 10:40 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 10:40 -!- aegidos_ is now known as aegidos 10:41 < aegidos> http://pastebin.com/JJvpV3uY 10:44 -!- pierreghz [~pierreghz@cust-14-25-111-94.dyn.as47377.net] has joined #openvpn 10:45 -!- dazo is now 
known as dazo_afk 10:46 -!- SOG [~SOG@168.70.16.99] has joined #openvpn 10:51 < ecrist> looks like a firewall issue or something 10:56 < aegidos> okay switching back to udp :-D 10:56 < aegidos> to find the rootcause 10:57 -!- aegidos_ [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn 10:57 -!- aegidos [~admin@tmo-103-185.customers.d1-online.com] has quit [Read error: Connection reset by peer] 10:57 -!- aegidos_ is now known as aegidos 10:58 -!- aegidos_ [~admin@tmo-096-129.customers.d1-online.com] has joined #openvpn 11:02 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 11:02 -!- aegidos_ is now known as aegidos 11:02 -!- SOG [~SOG@168.70.16.99] has quit [Quit: I will be back!] 11:03 -!- SOG [~SOG@168.70.16.99] has joined #openvpn 11:11 -!- aegidos [~admin@tmo-096-129.customers.d1-online.com] has quit [Remote host closed the connection] 11:11 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn 11:12 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Read error: Connection reset by peer] 11:12 -!- aegidos_ [~admin@tmo-096-129.customers.d1-online.com] has joined #openvpn 11:13 < aegidos_> switching to tcp failed 11:13 < aegidos_> now nor udp/tcp works 11:13 < ecrist> both client/server needs to match 11:15 < aegidos_> yes they do 11:15 < aegidos_> now both switched back to tcp 11:16 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 11:16 -!- aegidos_ is now known as aegidos 11:16 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 11:16 < aegidos> and i rebooted the server 11:17 < aegidos> but that doesn't help 11:17 -!- aegidos_ [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn 11:17 -!- aegidos [~admin@tmo-096-129.customers.d1-online.com] has quit [Read error: Connection reset by peer] 11:17 -!- aegidos_ is now known as aegidos 11:18 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Client Quit] 11:19 < ecrist> ErichG: 
saw your questions about Mac OS X and bridge interface 11:19 < ecrist> just an FYI, bridge support in OS X is new in 10.7 11:19 < ErichG> ecrist: thanks - I figured that out finally with dazo's help... 11:21 < ErichG> although I seem to have routing problems I didn't in linux.. working through that now. I routers can talk to each other over the link, but nothing else in the subnet.... I'll be back if I can't grok it ;-) 11:21 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 11:21 -!- mode/#openvpn [+o raidz] by ChanServ 11:22 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 11:22 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:22 -!- smerz [~smerz@smerz.demon.nl] has joined #openvpn 11:23 -!- [neg]r01dz [~neg]r01dz@gateway/tor-sasl/negr01dz/x-41213968] has joined #openvpn 11:24 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 11:24 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has joined #openvpn 11:24 < [neg]r01dz> Hello. 11:24 < aegidos> okay here is my netstat http://pastebin.com/Ve2qaf5f 11:24 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 11:24 < ecrist> [neg]r01dz: color in here sucks, please refrain from it 11:24 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 11:24 < ecrist> particularly in silly combinations 11:25 < [neg]r01dz> Then set the channel mode to +C, silly. 11:26 -!- mode/#openvpn [+o ecrist] by ChanServ 11:26 -!- mode/#openvpn [+c] by ChanServ 11:27 < [neg]r01dz> See, it works. 11:27 < [neg]r01dz> or not.. 11:27 <@ecrist> aegidos: I don't need private messages, either 11:27 < [neg]r01dz> capital c. 11:27 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:27 <@ecrist> capital C is for CTCP 11:27 <@ecrist> lower c is for color 11:27 < [neg]r01dz> ah. 
11:28 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 11:28 <@ecrist> http://freenode.net/using_the_network.shtml for your reference 11:29 <@vpnHelper> Title: freenode: using the network (at freenode.net) 11:30 < [neg]r01dz> Well, channel ctcp can be used to cause a massive PITA as well. 11:30 < [neg]r01dz> Want me to demonstrate?;) 11:30 < aegidos> i guess my tun0 configuration looks good 11:31 < aegidos> but not sure about the flag setting 11:34 <@ecrist> [neg]r01dz: if you want to never make it back in here, by all means. ;) 11:34 <@ecrist> aegidos: post new copies of your current server/client configs, please 11:35 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:35 < aegidos> okay but i switched them back to TCP because UDP didn't work properly 11:35 <@ecrist> well, if you're getting connected, no need 11:36 < aegidos> client: http://pastebin.com/wcVhxLLj 11:36 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:36 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Client Quit] 11:36 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Client Quit] 11:36 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:37 < aegidos> server.conf http://pastebin.com/1ZAF14Q7 11:40 < aegidos> !welcome 11:40 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 11:40 < aegidos> !configs 11:40 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. 
or (#2) dont forget to include any ccd entries 11:40 < [neg]r01dz> !jews did nine eleven 11:40 <@vpnHelper> RSS Update - forum: Problem connecting Windows 7 to OpenVPN 11:41 -!- [neg]r01dz [~neg]r01dz@gateway/tor-sasl/negr01dz/x-41213968] has left #openvpn ["Jews did WTC"] 11:42 -!- mode/#openvpn [+b *!*@*negr01dz*] by ecrist 11:43 < aegidos> http://pastebin.com/cT3fMA3Y 11:43 < aegidos> open vpn version is this http://pastebin.com/cT3fMA3Y 11:43 <@ecrist> you need to upgrade 11:44 <@ecrist> 2.2.2 is the current version 11:44 < aegidos> okay i will look how ;-) 11:53 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 240 seconds] 11:53 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 11:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 11:55 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:56 -!- Cubox [~Cubox@vps.e-noob.eu] has joined #openvpn 11:57 -!- Cubox [~Cubox@vps.e-noob.eu] has quit [Changing host] 11:57 -!- Cubox [~Cubox@unaffiliated/cubox] has joined #openvpn 11:59 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 252 seconds] 12:03 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Quit: Leaving.] 12:03 -!- skynet-2000 is now known as SkyNet-2000 12:06 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!] 
12:09 -!- SkyNet-2000 is now known as SkyNet 12:10 -!- SkyNet is now known as Guest93730 12:11 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Remote host closed the connection] 12:11 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 12:12 -!- Guest93730 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 12:12 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 12:15 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 12:19 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 12:33 -!- Duryodhan_ [Duryodhan@117.225.215.211] has joined #openvpn 12:44 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 12:45 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 240 seconds] 12:48 -!- Duryodhan [Duryodhan@2002:75e0:7855::75e0:7855] has joined #openvpn 12:48 < Duryodhan> hay anyone using endian..??? 12:49 < hyper_ch> yes 12:50 -!- Duryodhan_ [Duryodhan@117.225.215.211] has quit [Ping timeout: 276 seconds] 12:51 -!- Duryodhan [Duryodhan@2002:75e0:7855::75e0:7855] has quit [Client Quit] 12:51 -!- Duryodhan [Duryodhan@2002:75e0:7855::75e0:7855] has joined #openvpn 12:52 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 12:52 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 12:52 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 12:52 -!- mode/#openvpn [+v Axeman] by ChanServ 12:55 < Duryodhan> anyone one using endian..?? 
12:56 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has joined #openvpn 12:57 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has quit [Changing host] 12:57 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 12:58 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has left #openvpn [] 13:02 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 13:04 < Duryodhan> hy 13:05 <@ecrist> what is endian? 13:05 < hyper_ch> it's some kind of salad 13:06 * hyper_ch gives a cookie to ecrist 13:06 * jeev takes the cookie away 13:08 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 13:08 < Duryodhan> no 13:08 < Duryodhan> its firewall 13:08 < Duryodhan> open source 13:09 * TJNII is using little-endian hw right now. 13:09 <@ecrist> we don't support firewall packages in here. 13:09 < Duryodhan> ok 13:09 < Duryodhan> thanx 13:10 -!- skynet-2000 is now known as _SkyNet|1000` 13:11 -!- _SkyNet|1000` is now known as SkyNet-1000 13:20 -!- SkyNet-1000 is now known as DataZombie 13:21 -!- Duryodhan [Duryodhan@2002:75e0:7855::75e0:7855] has quit [Ping timeout: 268 seconds] 13:30 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 13:31 -!- DataZombie is now known as ItsMe` 13:32 -!- ItsMe` is now known as skynet-2000 13:34 -!- skynet-2000 is now known as ITsMe` 13:34 -!- ITsMe` is now known as skynet-2000 13:34 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 13:37 -!- Axeman2 [~Axeman3@knox.pace.edu] has joined #openvpn 13:37 -!- Axeman2 [~Axeman3@knox.pace.edu] has quit [Changing host] 13:37 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 13:37 -!- mode/#openvpn [+v Axeman2] by ChanServ 13:41 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 13:47 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds] 13:51 -!- c1de0x [~c1de0x@208.111.44.254] has joined 
#openvpn 13:59 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Read error: Connection reset by peer] 14:19 < aegidos> ecrist: openvpn is already the newest version. 14:25 <@ecrist> it is? 14:25 <@ecrist> 2.0.9 is old 14:25 <@ecrist> very very old 14:44 < hyper_ch> 2.0.9 doesn't support topology 14:47 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 14:52 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 14:55 -!- aegidos_ [~admin@p54B5D9F3.dip.t-dialin.net] has joined #openvpn 14:57 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 14:58 -!- aegidos [~admin@p54B5B462.dip.t-dialin.net] has quit [Ping timeout: 248 seconds] 14:58 -!- aegidos_ is now known as aegidos 15:06 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds] 15:07 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 15:09 -!- aegidos_ [~admin@p54B5D9F3.dip.t-dialin.net] has joined #openvpn 15:09 -!- aegidos [~admin@p54B5D9F3.dip.t-dialin.net] has quit [Ping timeout: 244 seconds] 15:09 -!- aegidos_ is now known as aegidos 15:11 -!- aegidos_ [~admin@tmo-102-114.customers.d1-online.com] has joined #openvpn 15:14 -!- aegidos [~admin@p54B5D9F3.dip.t-dialin.net] has quit [Ping timeout: 255 seconds] 15:14 -!- aegidos_ is now known as aegidos 15:16 -!- aegidos_ [~admin@p54B5D9F3.dip.t-dialin.net] has joined #openvpn 15:19 -!- aegidos [~admin@tmo-102-114.customers.d1-online.com] has quit [Ping timeout: 252 seconds] 15:19 -!- aegidos_ is now known as aegidos 15:23 -!- aegidos_ [~admin@p54B5AFAD.dip.t-dialin.net] has joined #openvpn 15:27 -!- aegidos [~admin@p54B5D9F3.dip.t-dialin.net] has quit [Ping timeout: 268 seconds] 15:27 -!- aegidos_ is now known as aegidos 15:34 -!- aegidos_ [~admin@p54B5C3EF.dip.t-dialin.net] has joined #openvpn 15:35 -!- aegidos_ [~admin@p54B5C3EF.dip.t-dialin.net] has quit [Remote host closed the connection] 15:37 -!- aegidos_ [~admin@p54B5C3EF.dip.t-dialin.net] has joined #openvpn 
15:37 -!- aegidos [~admin@p54B5AFAD.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 15:37 -!- aegidos_ is now known as aegidos 15:37 -!- aegidos [~admin@p54B5C3EF.dip.t-dialin.net] has quit [Remote host closed the connection] 15:41 -!- aegidos [~admin@p54B5C3EF.dip.t-dialin.net] has joined #openvpn 15:49 -!- aegidos [~admin@p54B5C3EF.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 15:51 -!- aegidos [~admin@p54B5D30F.dip.t-dialin.net] has joined #openvpn 15:55 -!- aegidos [~admin@p54B5D30F.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 15:55 -!- happylife [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Read error: Connection reset by peer] 16:16 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has quit [Remote host closed the connection] 16:21 -!- SOG [~SOG@168.70.16.99] has left #openvpn [] 16:24 -!- Netsplit *.net <-> *.split quits: +Mp5-, cron2, Deathvalley122, tabakhase 16:25 -!- Netsplit over, joins: Mp5- 16:25 -!- Netsplit over, joins: tabakhase, cron2, Deathvalley122 16:25 -!- mode/#openvpn [+o cron2] by ChanServ 16:32 -!- pierreghz [~pierreghz@cust-14-25-111-94.dyn.as47377.net] has quit [Read error: Connection reset by peer] 16:42 -!- nb [~nb@fedora/znc.nb] has quit [Ping timeout: 268 seconds] 16:53 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Ping timeout: 240 seconds] 16:54 -!- Denial [Denial@drgi.co.uk] has quit [] 16:54 -!- Guest59671 [~nb@delta.bebout.us] has joined #openvpn 16:55 -!- Guest59671 [~nb@delta.bebout.us] has quit [Changing host] 16:55 -!- Guest59671 [~nb@fedora/znc.nb] has joined #openvpn 16:55 -!- Guest59671 [~nb@fedora/znc.nb] has left #openvpn [] 16:57 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has joined #openvpn 16:58 < astrostl> i have a client connecting with a bridged ip of 10.10.9.5. its lan ip is 10.0.3.13. if i do a "route add 10.0.3.13 gw 10.10.9.5" on the server i get what i want. how/where should i put that command in the server? 
i put "route 10.0.3.13 255.255.255.0 10.10.9.5" in server.conf but no dice. 17:00 -!- DataZombie [~DataZombi@unaffiliated/skynet2000] has joined #openvpn 17:00 -!- mocas_ [~mocas@87-196-118-159.net.novis.pt] has joined #openvpn 17:03 -!- mocas [~mocas@87.196.121.23] has quit [Ping timeout: 248 seconds] 17:19 -!- Discombobulation [~Discombob@gateway/tor-sasl/discombobulation] has joined #openvpn 17:19 < Discombobulation> yo 17:20 < Discombobulation> !goal 17:20 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 17:20 < Discombobulation> !welcome 17:20 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 17:21 < Discombobulation> !howto 17:21 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 17:22 < Discombobulation> derp 17:25 < Discombobulation> are licenses mandatory when setting up an OpenVPN server, or can it be done without licenses? 17:25 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 17:26 < JoeyJoeJo> I've got an open vpn connection working between two ddwrt routers. However, machines behind my client ddwrt can't ping the remote network. I can ping the remote network from the client ddwrt. How can I fix that? 17:28 <+TJNII> Discombobulation: Licenses? What licenses? You mean the certs? 
17:28 < Discombobulation> TJNII: http://openvpn.net/index.php/access-server/pricing.html 17:28 <@vpnHelper> Title: Pricing Guide (at openvpn.net) 17:29 < Discombobulation> that has me confused. i was under the impression OpenVPN is free software o_0 17:29 <+TJNII> Discombobulation: That's the paid support thing, I believe. You don't need a license to use OpenVPN/. 17:29 < Discombobulation> ahh ok 17:29 < Discombobulation> tyvm 17:29 <+TJNII> Oh, that's the access server 17:29 <+TJNII> I don't know anything about it, don't use it 17:30 < Discombobulation> ahh 17:30 < Discombobulation> 1 more Q 17:31 < Discombobulation> how much hardware would you need to run a dedicated OpenVPN server for like, 1-4 users max at a time? 17:31 < Discombobulation> probably not much im sure 17:31 < krzee> anything 17:31 < krzee> a lil openwrt router would be fine 17:31 < krzee> assuming you arent pushing major bits 17:33 < Discombobulation> mkay 17:34 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has quit [] 17:34 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Connection reset by peer] 17:38 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 17:50 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has quit [Ping timeout: 255 seconds] 17:52 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn 17:57 -!- Beave [~champ@bundy.vistech.net] has quit [Read error: Operation timed out] 17:57 -!- Beave [~champ@bundy.vistech.net] has joined #openvpn 18:01 -!- Discombobulation [~Discombob@gateway/tor-sasl/discombobulation] has quit [Remote host closed the connection] 18:05 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer] 18:05 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 18:05 -!- Discombobulation [~Discombob@gateway/tor-sasl/discombobulation] has joined #openvpn 18:17 -!- EugeneKay [eugene@itvends.com] has quit [Ping timeout: 252 seconds] 
19:08 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 19:09 -!- _julian_ [~quassel@hmbg-4d06d37e.pool.mediaWays.net] has joined #openvpn 19:13 -!- _julian [~quassel@hmbg-4d06eeab.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:34 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 19:34 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 19:34 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 19:59 -!- smerz [~smerz@smerz.demon.nl] has quit [Remote host closed the connection] 20:40 -!- zeshooem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has joined #openvpn 20:40 -!- zeshoem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has quit [Ping timeout: 252 seconds] 20:57 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 20:57 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 21:02 -!- forgotten [forgotten@is.undroppable.co.uk] has joined #openvpn 21:02 < forgotten> i'm having trouble generating Client certs for openvpn. Not writing to database, then cert file is Empty. 21:04 < forgotten> and says: failed to update database 21:04 < forgotten> TXT_DB error number 2 21:13 < forgotten> oh i fixed that :) now i'm gettin connection refused lol 21:20 -!- jordanm [~jordanm@pdpc/supporter/active/jordanm] has joined #openvpn 21:20 -!- jordanm [~jordanm@pdpc/supporter/active/jordanm] has left #openvpn [] 21:54 <@ecrist> Discombobulation: we don't support AS in here 21:54 <@ecrist> !as 21:54 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 21:54 < Discombobulation> no problem 21:54 < Discombobulation> i was assuming the license was for openvpn itself 21:54 <@ecrist> AS is a commercial product, and this is the support channel for the open-source software. 
21:54 <@ecrist> ah, no, it's not 21:55 < Discombobulation> yeah 21:55 < Discombobulation> glad i got that clarified 22:00 < forgotten> can someone help me with PF on openbsd to allow clients to connect to openvpn ? 22:02 < krzie> !notovpn 22:02 <@vpnHelper> "notovpn" is "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem 22:04 <@ecrist> meh, I can help 22:05 <@ecrist> forgotten: if you have pf enabled, you should probably know how to allow traffic in to openvpn 22:05 < forgotten> well.. it's enabled to just pass everything i believe 22:06 < forgotten> but i'm getting nothing but Connection Refused when connecting my client 22:07 < forgotten> also i thought you had to add Nat rules to allow traffic out via your vpn subnet 22:10 < Olipro> real men use proper routing, not NAT 22:10 < Olipro> but if you don't control the VPN server, fair enough 22:12 <@ecrist> forgotten: pfctl -d 22:12 <@ecrist> that completely disables pf 22:14 < forgotten> i still can't connect via client 22:14 < forgotten> to establish my tunnel on 10.10.10.* 22:16 <@ecrist> !welcome 22:16 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 22:36 -!- EugeneKay [eugene@itvends.com] has joined #openvpn 23:05 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 23:17 -!- SkyNet-1000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn --- Day changed Tue Jan 03 2012 00:05 < forgotten> does openvpn have to create a tun or tap interface? can it use an existing? say like vlan interface? 
00:10 -!- Discombobulation [~Discombob@gateway/tor-sasl/discombobulation] has quit [Quit: Leaving] 00:15 <+TJNII> forgotten: The tun/tap interface is the endpoint of the tunnel. It has to be there. You connect it to a physical interface (i.e. a vlan interface) by bridging (tap) or routing (tun) 00:15 <+TJNII> It's what allows the kernel to pass traffic into/out of the tunnel 00:18 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 00:21 <@vpnHelper> RSS Update - forum: Multiple Server Ports Problem 00:24 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has quit [Ping timeout: 252 seconds] 00:24 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 00:24 -!- DataZombie [~DataZombi@unaffiliated/skynet2000] has quit [Quit: KVIrc 4.0.4 Insomnia http://www.kvirc.net/] 00:25 -!- SkyNet-1000 [~skynet-20@unaffiliated/skynet2000] has quit [Remote host closed the connection] 00:25 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 00:35 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has joined #openvpn 00:35 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has quit [Remote host closed the connection] 00:40 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 00:42 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has joined #openvpn 00:44 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 00:45 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has quit [Remote host closed the connection] 00:45 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 00:47 -!- [1]SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has joined #openvpn 00:49 -!- SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has quit [Ping timeout: 276 seconds] 00:49 -!- [1]SigmaProjects is now known as SigmaProjects 01:01 -!- dazo_afk is now known as dazo 01:20 < aegidos> good morning my dear openVPN experts 01:21 < aegidos> 
how to update from openVPN 2.0.9 to 2.2.2 if package manager on debian etch says: already newest installed? 01:27 < matsim> if you're happy with what's in debian stable, use it, otherwise, you might have to: Build yourself, or try if you can build the debian sources from wheezy 01:28 < matsim> but I think you're either on a very old debian release or your package manager has a problem, even lenny has 2.1 rc11, squeeze has 2.1.3+Patches 01:34 <@vpnHelper> RSS Update - forum: Help Creating a Configuration File 01:34 -!- aegidos_ [~admin@tmo-102-59.customers.d1-online.com] has joined #openvpn 01:35 -!- aegidos_ [~admin@tmo-102-59.customers.d1-online.com] has quit [Remote host closed the connection] 01:35 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Remote host closed the connection] 01:37 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has joined #openvpn 01:38 < aegidos> maybe this tutorial works if i wget the 2.2.2 version directly from the web http://redes-privadas-virtuales.blogspot.com/2011/12/secure-remote-access-to-home-through.html 01:38 <@vpnHelper> Title: Redes Privadas Virtuales: Secure remote access to home through OpenVPN (I) (at redes-privadas-virtuales.blogspot.com) 01:39 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has quit [Remote host closed the connection] 01:39 <@vpnHelper> RSS Update - forum: Assign Public Class C to client1 01:39 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 01:41 < matsim> aegidos: You should first check what debian release you're using :) 01:43 < matsim> 2.0.9 was in debian lenny (Debian 4.0) which is unsupported in terms of security updates anyway 01:44 < matsim> what does 'lsb_release -a' tell you? 01:44 -!- aegidos_ [~admin@tmo-102-59.customers.d1-online.com] has joined #openvpn 01:44 -!- infidel [~coyote@unaffiliated/coyote] has joined #openvpn 01:44 < matsim> aegidos_: did you lose connection or get my message about debian lenny? 01:45 < aegidos_> lost connection ... 
01:45 < aegidos_> i only got that i have to check the version 01:45 < aegidos_> i guess its etch 01:45 < aegidos_> but i will check this out 01:45 < matsim> what does 'lsb_release -a' tell you? 01:46 < matsim> because 2.0.9 was last seen in lenny = unsupported in terms of bug/security fixes by debian anyway 01:46 < aegidos_> okay, now its getting hard to get into my vpn 01:46 -!- infidel [~coyote@unaffiliated/coyote] has quit [Read error: Connection reset by peer] 01:46 < aegidos_> i think i have to establish a new connection 01:46 < aegidos_> im shortly away ;-) 01:47 < aegidos_> then i will tell you 01:47 -!- infidel [~coyote@unaffiliated/coyote] has joined #openvpn 01:47 -!- BustyLoli-Chan [~BustyLoli@24.111.195.1] has joined #openvpn 01:47 < BustyLoli-Chan> Anyone here have a moment to help a poor moron? :D 01:47 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 01:47 -!- aegidos_ is now known as aegidos 01:47 -!- infidel [~coyote@unaffiliated/coyote] has quit [Read error: Connection reset by peer] 01:47 < forgotten> im prolly just as moronic as u :P 01:48 < BustyLoli-Chan> :< sad day 01:48 < forgotten> whats up tho? 01:49 < BustyLoli-Chan> https://forums.openvpn.net/topic9520.html 01:49 < BustyLoli-Chan> this x.x 01:49 <@vpnHelper> RSS Update - forum: automatic reconnect potable openvpn 01:49 <@vpnHelper> Title: OpenVPN Support Forum Help Creating a Configuration File : Scripting and Customizations (at forums.openvpn.net) 01:49 -!- aegidos_ [~admin@tmo-096-197.customers.d1-online.com] has joined #openvpn 01:51 -!- aegidos_ [~admin@tmo-096-197.customers.d1-online.com] has quit [Read error: Connection reset by peer] 01:52 -!- aegidos [~admin@tmo-102-59.customers.d1-online.com] has quit [Ping timeout: 240 seconds] 01:56 <@vpnHelper> RSS Update - forum: Help Creating a Configuration File 01:56 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 01:57 < BustyLoli-Chan> do you think you can fix it? 
:D 01:57 < aegidos> what was the command i should check the distribution version? 01:57 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 01:57 < matsim> lsb_release -a 02:00 < aegidos> Linux LKGAC6FF3 2.6.18-6-ixp4xx #1 Tue Feb 12 00:57:53 UTC 2008 armv5tel 02:02 < matsim> outch, that must be etch 02:02 < aegidos> lsb_release -a command not found ... 02:03 < matsim> ok, if it's a very small os install, lsb_release can be missing 02:04 < matsim> embedded stuff? - really looks like etch because: http://archive.debian.net/search?lang=de&searchon=names&keywords=linux-image 02:04 <@vpnHelper> Title: Debian -- Ergebnisse der Debian-Paketsuche -- linux-image (at archive.debian.net) 02:04 <+TJNII> hmmm... debian based.... look in /etc/apt/sources.list 02:07 < aegidos> aha i got LKGAC6FF3:~# cat /etc/issue 02:07 < aegidos> Debian GNU/Linux 4.0 \n \l 02:08 <+TJNII> That's unsupported as of Feb 2010 02:08 <+TJNII> You _really_ need to update that 02:10 < BustyLoli-Chan> so is there at least some super awesome guide to writting conf files I can look at somewhere? 02:11 < EugeneKay> !man 02:11 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 02:11 < BustyLoli-Chan> I've looked at it 02:12 < EugeneKay> !book 02:12 <@vpnHelper> "book" is http://www.packtpub.com/openvpn-2-cookbook/book check out JJK's awesome cookbook for openvpn 2! 02:12 < BustyLoli-Chan> let me buy that book 02:12 < matsim> aegidos: I suspect you're running Debian on a kinda small box like a Linksys NSLU2, have fun updating that... 
02:12 <@vpnHelper> RSS Update - forum: Road Warrior setup
02:13 < BustyLoli-Chan> to work this open source software whose creators refuse to offer any form of support to me :|
02:14 < BustyLoli-Chan> why you gotta do me like that :<
02:14 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Read error: Connection timed out]
02:15 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn
02:16 < BustyLoli-Chan> Okay
02:16 < BustyLoli-Chan> new plan
02:16 < BustyLoli-Chan> who wants 10 dollars :D
02:18 < aegidos> no i guess i need to update from etch to Lenny?
02:18 <@vpnHelper> RSS Update - forum: New Site-to-Site Tunnel With Partial Connectivity
02:18 < BustyLoli-Chan> okay...
02:19 < BustyLoli-Chan> Who wants 20 dollars :D
02:19 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
02:19 -!- mode/#openvpn [+o mattock] by ChanServ
02:20 < matsim> aegidos: Yes, from etch to lenny, from lenny to squeeze
02:21 < matsim> but if it is a NSLU2, it will take hours, I had it as NFS server and it was a pain, even with OpenWRT which is much more slim than debian
02:21 < aegidos> ohoh seems to get very complicated :-D hopefully samba works after patching till squeeze
02:21 < matsim> would you consider openwrt?
02:21 < aegidos> for sure it IS a NSLU2 :-D
02:23 < matsim> there are pre-compiled images for the slug and openvpn 2.1.4 is in their ipk repository
02:23 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client
02:23 < matsim> see: http://downloads.openwrt.org/backfire/10.03.1/ixp4xx_generic/
02:23 <@vpnHelper> Title: Index of /backfire/10.03.1/ixp4xx_generic/ (at downloads.openwrt.org)
02:28 < BustyLoli-Chan> :O
02:31 -!- X0Rc0re [~chatzilla@203-206-101-78.dyn.iinet.net.au] has joined #openvpn
02:31 < X0Rc0re> hello, i need help configuring OpenVPN on my VPS, would anyone like to help? (i am up to config part, but its not configuring properly :s )
02:32 < BustyLoli-Chan> Don't bother ask
02:32 < BustyLoli-Chan> channel is full of dicks
02:32 < BustyLoli-Chan> better luck waiting till someone who isn't an asshat is awake
02:32 < BustyLoli-Chan> *asking :3
02:33 < BustyLoli-Chan> If you ask hard enough though I'm sure someone will link you to the web page that has the user manual on it
02:33 < BustyLoli-Chan> or a link to a 20 dollar book on how to use their open source software that will hopefully soon be dead and or dying since the people who don't know how to use it can't get some fucking help
02:34 < BustyLoli-Chan> or a link to a guide that they could actually use to learn
02:35 < matsim> BustyLoli-Chan: Please, it depends how you ask and where, also check out the forums, and reading books sometimes doesn't hurt, really
02:36 < BustyLoli-Chan> I thought I was rather nice at first. I've asked on the forums and have faith that someone would answer my question, but I was hoping to get this up and running relatively quickly
02:37 < matsim> Sometimes idling and waiting helps too on IRC - if someone is around that knows, they will possibly answer to a specific question !generic
02:37 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Read error: Connection timed out]
02:38 < X0Rc0re> BustyLoli-Chan: dont worry, i was in here yesterday and what i got was this
02:38 < X0Rc0re> !welcome
02:38 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:39 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn
02:40 < X0Rc0re> oh and i got this as well
02:40 < X0Rc0re> !howto
02:40 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
02:40 < X0Rc0re> I mean come on!!!
02:40 < X0Rc0re> i thought this channel was for help?
02:41 < EugeneKay> !configs
02:42 -!- aegidos_ [~admin@tmo-102-175.customers.d1-online.com] has joined #openvpn
02:42 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
02:42 < EugeneKay> !goal
02:42 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
02:42 -!- aegidos_ [~admin@tmo-102-175.customers.d1-online.com] has quit [Remote host closed the connection]
02:42 < EugeneKay> X0Rc0re ^^
02:42 -!- aegidos_ [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn
02:42 <+TJNII> Both of you have yet to ask a specific question. Most of the supporters are in the US or Europe. It is 1:40am where I am, I'm only up because I have insomnia. I don't feel like helping noobs mewing for help with no details. Ask a question that shows you've done some research and understand your problem and you'll get _much_ better help
02:42 < EugeneKay> BustyLoli-Chan - If you're not satisfied, you are entitled to a full refund.
02:42 <+TJNII> I like helping with interesting problems. I don't like hand-holding.
02:42 < X0Rc0re> all i ever get is these commands "!"
02:43 < EugeneKay> X0Rc0re - I've no clue what your problem is. Hence, I ask for your !goal
02:43 < EugeneKay> See also the /topic: | We're not psychic -- please !paste your !configs and !logs and a description of your problem ||
02:43 < X0Rc0re> I need help with the server config file
02:43 < EugeneKay> !confgen
02:43 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/
02:44 < X0Rc0re> someone already linked that
02:44 < X0Rc0re> im not on linux
02:44 < EugeneKay> bash is not exclusively a linux thing. :-p
02:44 < X0Rc0re> i already have a config file
02:44 < zalzice> X0Rc0re: you should describe more detailed of your problem, not just "i have problem with my computer?"
02:45 < X0Rc0re> but its not showing any output
02:45 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Ping timeout: 268 seconds]
02:45 <+TJNII> Windows, I assume?
02:48 < X0Rc0re> yes
02:48 < X0Rc0re> but on a debian box
02:48 < X0Rc0re> VPS
02:48 -!- aegidos_ [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Ping timeout: 252 seconds]
02:49 <+TJNII> But the server is running in Windows, though, right?
02:49 < EugeneKay> So are you on linux or aren't you? o.O
02:52 < EugeneKay> Oh hey the new year is over.
02:52 -!- mode/#openvpn [+o EugeneKay] by ChanServ
02:52 -!- EugeneKay changed the topic of #openvpn to: Welcome to the OpenVPN community support channel || PLEASE read the entire topic || Current Release: 2.2.2 (22-Dec-2011) || First time here? Use !welcome and !goal || Access Server? /join #openvpn-as || We're not psychic -- please !paste your !configs and !logs and a description of the issue || Your problem is your firewall, really. || Not a native English speaker? Say so, we understand
02:52 -!- mode/#openvpn [+v EugeneKay] by EugeneKay
02:52 -!- mode/#openvpn [-o EugeneKay] by EugeneKay
02:54 < X0Rc0re> the server i running debian
02:55 < X0Rc0re> is*
02:55 < X0Rc0re> i am on a windows box atm
02:55 < X0Rc0re> and my VPS is running debian
02:57 <+TJNII> Check for logs in /var/log. Use grep if you don't know what file to look in. Set "verb 4" in your server .conf file to get (sane) debugging info. make sure to restart the daemon after editing the config.
02:57 * TJNII goes to bed
02:58 < X0Rc0re> already used grep
02:58 < X0Rc0re> can someone please teamviewer me?
02:58 <+EugeneKay> Not comfortable with the liability issues.
03:00 <@dazo> X0Rc0re: please tell us *what* the problem you have is? "It's not working" is just as helpful as shouting "Somebody farted!" ... and we do need !logs and !configs ... and we need to see them, with proper log level .... if you can't provide that, please go away
03:00 <+EugeneKay> We need a !psychic factoid
03:00 <@dazo> EugeneKay: got a good text for it?
03:01 <+EugeneKay> The one in the /topic
03:01 -!- tazou [~Guillaume@78.223.143.27] has joined #openvpn
03:01 < tazou> Hello
03:01 < tazou> is a french room for openvpn please?
03:02 <@dazo> tazou: nope, only English here ... don't know about any other openvpn rooms
03:02 < X0Rc0re> http://pastebin.com/E4376Wwa
03:02 < X0Rc0re> http://pastebin.com/YhMs4C7m
03:02 < X0Rc0re> credits to Obama guy
03:02 < tazou> ok dazo thanks
03:02 < X0Rc0re> but i used tun instead
03:02 <@dazo> X0Rc0re: we need *your* configs not somebody else's
03:03 < X0Rc0re> dazo im using those configs
03:03 <@dazo> and we need *your* log files ... with --verb set to 4
03:03 < X0Rc0re> ...
03:03 < X0Rc0re> ok one sec
03:03 < tazou> So, I have a little question. I setup a OpenVPN server on OpenBSD 5.0. It's working good with certificate. I would like to try now with login/pass authentication. So I add this in my server conf file : "auth-user-pass-verify /usr/local/libexec/openvpn_bsdauth via-file"
03:03 < X0Rc0re> use eurephia
03:03 < tazou> And this in my client : "auth-user-pass"
03:04 <@dazo> !learn psychic as We're not psychic -- please !paste your !configs and !logs and a description of the issue
03:04 <@vpnHelper> Joo got it.
03:04 <@dazo> EugeneKay: ^^
03:04 <+EugeneKay> <3
03:04 < tazou> When I connect, it prompt for login/pass, but when I login, in my log server I have this : "TLS Auth Error: user-pass-verify script failed to execute: /usr/local/libexec/openvpn_bsdauth openvpn_up_a6e5115f2e2890980726601bc731b5d7.tmp"
03:04 < tazou> An idea please ? :)
03:04 < X0Rc0re> how do i cd to my config file?
03:05 <@dazo> ???!!!?? ... you're kidding us, X0Rc0re?
03:05 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
03:05 < X0Rc0re> nope, im serious
03:05 <+EugeneKay> I don't think I can help you.
03:06 < X0Rc0re> i tried cd/etc/openvpn
03:06 <@dazo> X0Rc0re: cd /etc/openvpn
03:06 <@dazo> gee
03:06 < X0Rc0re> i tried that
03:06 < X0Rc0re> doesn't work
03:06 -!- X0Rc0re was kicked from #openvpn by dazo [come back when you've learnt to use a computer]
03:06 -!- X0Rc0re [~chatzilla@203-206-101-78.dyn.iinet.net.au] has joined #openvpn
03:06 -!- X0Rc0re was kicked from #openvpn by dazo [come back when you've learnt to use a computer]
03:06 -!- X0Rc0re [~chatzilla@203-206-101-78.dyn.iinet.net.au] has joined #openvpn
03:06 -!- X0Rc0re was kicked from #openvpn by dazo [come back when you've learnt to use a computer]
03:06 -!- X0Rc0re [~chatzilla@203-206-101-78.dyn.iinet.net.au] has joined #openvpn
03:06 -!- X0Rc0re was kicked from #openvpn by dazo [come back when you've learnt to use a computer]
03:07 -!- X0Rc0re [~chatzilla@203-206-101-78.dyn.iinet.net.au] has joined #openvpn
03:07 -!- mode/#openvpn [+b *!*chatzilla@*.dyn.iinet.net.au] by dazo
03:07 -!- X0Rc0re was kicked from #openvpn by dazo [come back when you've learnt to use a computer]
03:07 < reiffert> :)
03:08 < hyper_ch> since when is dazo so mean?
03:08 <+EugeneKay> !read
03:08 <@vpnHelper> "read" is ive been known to overreact when people look for 2 minutes and ask me to explain it to them
03:09 <@dazo> and this is at least the second day in a row where this guy pops up with "please hold my hand" requests
03:09 <+EugeneKay> Mebbeh we need a !handhold
03:10 <@dazo> hehe ... yeah
03:10 < reiffert> you prolly need to reinstate a reiffert.
03:11 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
03:11 < tazou> Do you have an idea for my question please ? (:
03:11 <+EugeneKay> tazou - can you execute the script from the shell?
03:11 < reiffert> tazou: I cant see any questionmark in your last "question".
03:11 <@dazo> tazou: sorry, I got disturbed with other matters
03:12 < tazou> sorry
03:12 < tazou> yes I can : /usr/local/libexec/openvpn_bsdauth -> just return the shell
03:12 <@dazo> tazou: it might be that the script is not executable, that --script-security is not set up correctly or that --tmpdir is not writable for openvpn
03:12 < tazou> not error message like "not executable"
03:12 <@dazo> tazou: and it might be that the script is not executable for the openvpn user
03:13 < tazou> /usr/local/libexec/openvpn_bsdauth: setgid ELF 32-bit LSB executable, Intel 80386, version 1, for OpenBSD, dynamically linked (uses shared libs), stripped
03:13 <@dazo> ahh
03:13 < tazou> -r-xr-s--- 1 _openvpn auth 6196 Aug 17 03:27 /usr/local/libexec/openvpn_bsdauth
03:13 <@dazo> and what about the /usr/local/libexec/ directory?
03:13 < tazou> drwxr-xr-x 2 root wheel 512 Jan 2 15:53 libexec
03:13 <@dazo> tazou: do you do some chrooting?
03:14 < reiffert> "_"openvpn?
03:14 <@dazo> tazou: make sure --script-security is set to 2 or 3
03:15 < tazou> when I'm on chroot with : user:_openvpn and group:_openvpn, I have this error message : TLS Auth Error: could not write username/password to file: openvpn_up_1ad92c7d22bee205a72fb83d9ab525ec.tmp
03:16 < tazou> So, to TRY , I comment the chroot and launch openvpn in root (I know it's dirty, but just for test)
03:16 <@dazo> tazou: okay, I'd make sure that --tmpdir is something sensible (it defaults to /tmp on 2.2 on *nix) ... but if you do --chroot, you need $(chroot)/tmp
03:16 < tazou> and in root I have : "TLS Auth Error: user-pass-verify script failed to execute: /usr/local/libexec/openvpn_bsdauth openvpn_up_a6e5115f2e2890980726601bc731b5d7.tmp"
03:16 < tazou> Sorry, my chroot is not activated: #chroot /etc/openvpn/jail
03:17 < tazou> just "user" and "group" are set to "_openvpn"
03:17 <@dazo> tazou: okay, which openvpn version are you on?
03:17 < tazou> Just to be more clear : http://pastebin.com/SGismbdH my conf file ;)
03:17 < tazou> dazo, OpenVPN 2.1.4 i386-unknown-openbsd5.0 [SSL] [LZO2] built on Aug 16 2011
03:18 < tazou> reiffert, grep openvpn /etc/group -> _openvpn:*:577: _openvpnusers:*:596:
03:19 < tazou> dazo, installed with classic "pkg_add -iv openvpn"
03:19 <@dazo> tazou: you don't have 'script-security 2' in your server config
03:19 < tazou> ha sorry :/
03:19 < tazou> I must put in ?
03:20 <@dazo> tazou: check the man page and you'll see why ;-)
03:20 < tazou> ok ;)
03:21 < tazou> 2 -- Allow calling of built-in executables and user-defined scripts.
03:21 < tazou> eh!
03:21 <@dazo> ;-)
03:21 < tazou> ok it's add to my conf :)
03:21 < tazou> but the problem is the same :/
03:22 < tazou> TLS Auth Error: could not write username/password to file: openvpn_up_6815d24f575f8e00ae76412dca2b19a6.tmp
03:22 <@dazo> tazou: now it's write permissions to the tmpdir ... try adding --tmpdir /tmp
03:22 <@dazo> (you would probably want to move that tmpdir to safer place where only _openvpn have read/write access)
03:23 <@dazo> and when you re-enable chroot ... the openvpn_bsdauth (plus required libs + support files) and the tmpdir needs to be moved into the chroot as well
03:24 < tazou> HO YEAH ! TLS: Username/Password authentication succeeded for username 'titi'
03:24 < tazou> dazo, for information : it's "--tmp-dir" on openbsd5
03:25 < tazou> ok dazo
03:25 < tazou> dazo, can I setup --tmp-dir IN my conf file ?
03:26 <@dazo> !--
03:26 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix must be removed when an option is placed in a configuration file.
03:26 <@dazo> tazou: ^^
03:26 < tazou> boh ! enormous :)
03:29 -!- CQ [~chatzilla@p4FD0F5A0.dip.t-dialin.net] has joined #openvpn
03:29 -!- CQ [~chatzilla@p4FD0F5A0.dip.t-dialin.net] has left #openvpn []
03:32 < tazou> Grrr
03:32 < tazou> TLS Auth Error: could not write username/password to file: /etc/openvpn/jail/tmp/openvpn_up_090da9cdea4e8492089ccf74886fe286.tmp
03:32 < tazou> with :
03:32 < tazou> http://pastebin.com/tVwW16HL
03:33 < tazou> and chmod 777 /etc/openvpn/jail/tmp
03:33 < tazou> why ? :/
03:38 <@dazo> tazou: use --tmpdir /tmp
03:39 < tazou> ok I try
03:39 <@dazo> when you add --chroot /etc/openvpn/jail --tmpdir /etc/openvpn/jail/tmp .... it will try to access /etc/openvpn/jail/etc/openvpn/jail/tmp
03:43 < tazou> So I must do: mkdir -p /etc/openvpn/jail/etc/openvpn/jail/tmp ?
03:44 <@dazo> if you use --chroot /etc/openvpn/jail --tmpdir /etc/openvpn/jail/tmp, then yes .... if you change --tmpdir to /tmp .... you just need /etc/openvpn/jail/tmp
03:45 < BustyLoli-Chan> quit rage quit
03:45 < BustyLoli-Chan> darp
03:45 -!- BustyLoli-Chan [~BustyLoli@24.111.195.1] has quit [Quit: rage quit]
03:45 < tazou> ok
03:45 < tazou> I try :)
03:46 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn
03:47 < tazou> dazo, I'm a little lost :/ http://pastebin.com/JRWVN3zz
03:47 <@dazo> change this one: tmp-dir /etc/openvpn/jail/tmp
03:48 <@dazo> to: tmp-dir /tmp
03:51 <@vpnHelper> RSS Update - forum: Road Warrior setup
03:51 < tazou> ok
03:52 < tazou> dazo, ok I do it, and now I have : TLS Auth Error: user-pass-verify script failed to execute: /etc/openvpn/jail/openvpn_bsdauth /tmp/openvpn_up_d346e429ec0c3c41261464eb233855f9.tmp
03:53 < tazou> ha! maybe openvpn_bsdauth need dependencies..
03:53 <@dazo> tazou: this one is tricky now, as openvpn_bsdauth is probably not statically linked ... so you now will probably need quite some lib files into the chroot
03:53 < tazou> yep :)
03:54 <@dazo> such challenges like this, is why I wrote eurephia as a C plug-in ... to avoid all these script dependencies
03:55 <@dazo> unfortunately, I've not managed to port eurephia successfully to OpenBSD - due to the strictness OpenBSD has compared to FreeBSD
03:56 < tazou> ha ok
03:56 < tazou> grr : LS Auth Error: user-pass-verify script failed to execute: /etc/openvpn/jail/openvpn_bsdauth /tmp/openvpn_up_bb1bb30e61fc8e793d1a4648f623a83c.tmp
03:56 < tazou> I did it :
03:57 < tazou> http://pastebin.com/nvAGxUCh
04:00 < tazou> heu I add this ok : cp /usr/lib/libc.so.60.1 /etc/openvpn/jail/usr/lib/ cp /usr/libexec/ld.so /etc/openvpn/jail/usr/libexec/
04:01 < tazou> -ok
04:01 -!- ciphergoth [~paul@host238.lshift.net] has quit [Quit: Ex-Chat]
04:01 -!- aegidos [~admin@tmo-103-72.customers.d1-online.com] has joined #openvpn
04:02 -!- aegidos [~admin@tmo-103-72.customers.d1-online.com] has quit [Remote host closed the connection]
04:03 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn
04:04 <@dazo> tazou: you probably need to generate /etc/ld.so.cache inside the chroot as well
04:05 < tazou> OOps !
04:05 < tazou> ldconfig /etc/openvpn/jail/
04:05 < tazou> /usr/local/sbin/openvpn --config /etc/openvpn/server.conf
04:06 < tazou> /usr/local/sbin/openvpn: can't load library 'liblzo2.so.0.0'
04:06 < tazou> :D
04:11 -!- mode/#openvpn [-b *!*chatzilla@*.dyn.iinet.net.au] by dazo
04:13 -!- CaptainQuirk [~leo@mol92-10-78-236-165-242.fbx.proxad.net] has joined #openvpn
04:13 < CaptainQuirk> Hi there !
04:13 < tazou> dazo, I reboot my pc, ok for starting openvpn ;)
04:13 < tazou> but, how can I do what you say please ? ( tazou: you probably need to generate /etc/ld.so.cache inside the chroot as well)
04:14 < tazou> hi CaptainQuirk
04:14 < CaptainQuirk> I'm currently configuring openVPN to access a remote server. I have to generate keys and a certificate request to the administrator
04:14 < CaptainQuirk> I have no instruction on where to put these files on my local hard drive
04:14 < CaptainQuirk> what would you recommend ?
04:15 < tazou> on client ?
04:15 < CaptainQuirk> yep
04:16 <@dazo> CaptainQuirk: http://openvpn.net/index.php/open-source/documentation/howto.html#pki ... look at the "Key files" section a bit further down
04:16 <@vpnHelper> Title: HOWTO (at openvpn.net)
04:17 <@dazo> where to put it ... that's up to you ... it all depends on --ca/--key/--cert options in your config
04:17 -!- aegidos_ [~admin@tmo-103-72.customers.d1-online.com] has joined #openvpn
04:19 -!- master_of_master [~master_of@p57B55B06.dip.t-dialin.net] has quit [Read error: Operation timed out]
04:19 -!- aegidos_ [~admin@tmo-103-72.customers.d1-online.com] has quit [Read error: Connection reset by peer]
04:19 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Ping timeout: 276 seconds]
04:20 < CaptainQuirk> dazo, a "keys" subdirectory is mentioned but I think it has to do with a directory on the server, not on my machine
04:20 -!- aegidos [~admin@tmo-097-81.customers.d1-online.com] has joined #openvpn
04:20 < CaptainQuirk> from what I read in the sample client config file, the files are located directly in the home directory
04:20 < CaptainQuirk> is it how it should be ?
04:21 -!- aegidos_ [~admin@tmo-103-157.customers.d1-online.com] has joined #openvpn
04:22 <@dazo> CaptainQuirk: you need three files (in addition to the config) on your client ... and you need to modify the config according to your environment ... if there are no paths, in most cases openvpn expects these files to be located where openvpn is started
04:22 -!- master_of_master [~master_of@p57B5383F.dip.t-dialin.net] has joined #openvpn
04:23 < CaptainQuirk> ok, so I could place them anywhere, as long as I put the correct path in the config file. But Is there an admitted standard way to do it
04:23 < CaptainQuirk> ?
04:24 -!- aegidos [~admin@tmo-097-81.customers.d1-online.com] has quit [Ping timeout: 252 seconds]
04:24 -!- aegidos_ is now known as aegidos
04:26 <@dazo> CaptainQuirk: correct
04:27 <+EugeneKay> See also the --cd directive
04:27 < tazou> dazo, do you know how can I do what you say please ? ( tazou: you probably need to generate /etc/ld.so.cache inside the chroot as well)
04:27 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn
04:27 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host]
04:27 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn
04:28 < CaptainQuirk> Ok, so, to foresee the situation where I could have multiple open VPN connections, I should place the files relative to a particular server on a special place
04:28 <@dazo> tazou: I don't know exactly any quick paths ... the only thing which strikes me is to copy over the ldconfig program into the chroot ... and do $ chroot /etc/openvpn/jail/ bin/ldconfig
04:28 <@dazo> or something like that ...
04:29 < CaptainQuirk> and leave the keys in my home, so I can use them for another project, am I right ?
04:30 <@dazo> CaptainQuirk: you can place these files wherever you like ... just make sure the secret files (key files) are kept secret, to avoid potential abuse of these files
04:30 < CaptainQuirk> Dazo, yes, I was merely asking for advice on a logical point of view
04:31 < CaptainQuirk> can I use the ssl keys for several server authentication like it's done through SSH ?
04:31 -!- aegidos [~admin@tmo-103-157.customers.d1-online.com] has quit [Read error: Connection reset by peer]
04:31 < tazou> ok dazo thanks
04:32 <+EugeneKay> With a certain Private Key/Cert combo, you can authenticate into any server which recognizes the CA which signed your cert.
04:33 < CaptainQuirk> ah, ok, but it's not like SSH where you can actually use a key for multiple server authentication
04:33 <@dazo> CaptainQuirk: yes and no ... as this is PKI, the certificate which is signed by the shared trusted third party between you and the openvpn server .... and this client certificate is tightly connected to the client key file .... so as long as the other service recognise the CA which signed the client key, it will work
04:34 <+EugeneKay> The same Key can have multiple Certs.
04:34 <+EugeneKay> The server has to recognize the CA which backs your cert, rather than a list of authorized_keys.
04:34 <+EugeneKay> More centralized-like.
04:35 <@dazo> good point!
04:35 < CaptainQuirk> but as you said, I could use the same key for several projects involving different servers and different CA
04:35 < CaptainQuirk> as long as the CA recognizes the cert I receive for each one, regardless of the key I use
04:47 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer]
04:47 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn
04:48 < CaptainQuirk> where will openvpn look for the config file ?
04:49 <+EugeneKay> The default linux init scripts look in /etc/openvpn/
04:50 <+EugeneKay> The windows Service looks in %PROGRAM FILES%/openvpn/config/
04:50 * hyper_ch murmurs: "There is no Windows.... there is now Windows.... there is no Windows...."
04:50 <+EugeneKay> Shush, heretic.
04:51 <+EugeneKay> Or is that me?
04:51 < CaptainQuirk> ok, so, I would have to specify the config file with a command line option to override the default behavior then ?
04:52 <+EugeneKay> Windows?
04:52 < CaptainQuirk> no linux
04:52 < CaptainQuirk> --config I saw in the man page
04:52 <+EugeneKay> That's the 'standard' way to do it, yes.
04:53 <+EugeneKay> The init script is provided for convenience.
04:53 <+EugeneKay> dazo - still there? Just came up with another factoid
04:54 <@dazo> EugeneKay: bring it on!
04:54 <@dazo> EugeneKay: you might have the power as well
04:54 <+EugeneKay> I didn't, last I tried.
04:54 <+EugeneKay> !add vend as IT VENDS
04:54 <@vpnHelper> Error: The command "add" is available in the BadWords and RSS plugins. Please specify the plugin whose command you wish to call by using its name as a command before "add".
04:54 <+EugeneKay> Er
04:54 <@dazo> learn
04:54 <+EugeneKay> !learn vend as IT VENDS
04:54 <@vpnHelper> Error: You don't have the factoids.learn capability. If you think that you should have this capability, be sure that you are identified before trying again. The 'whoami' command can tell you if you're identified.
04:54 <@dazo> ah, okay
04:55 <+EugeneKay> Anyway
04:55 <+EugeneKay> To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: "C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe" --config_dir "C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
04:56 <+EugeneKay> I'm thinking "winshortcut"
04:56 <+EugeneKay> Or just "shortcut"
04:56 <@dazo> !learn winshortcut as To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: "C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe" --config_dir "C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
04:56 <@vpnHelper> Error: No closing quotation
04:57 <+EugeneKay> Go figure.
04:57 <@dazo> grr
04:57 < hyper_ch> hi dazo
04:57 <@dazo> hyper_ch: hey!
04:58 <@dazo> !learn winshortcut as To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: "C:\\Program Files (x86)\\OpenVPN\\bin\\openvpn-gui-1.0.3.exe" --config_dir "C:\\path\\to\\config\\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
04:58 <@vpnHelper> Joo got it.
04:58 <@dazo> !winshortcut
04:58 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe --config_dir C:\path\to\config\ --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
04:58 <@dazo> hah!
04:58 <+EugeneKay> Figures
04:58 <+EugeneKay> Stupid quotes
04:59 <@dazo> nope ... stupid windows requiring backslashes in paths
04:59 <+EugeneKay> Actually, vpnHelper stripped out the quotes
04:59 <+EugeneKay> They're needed in the Target
04:59 <+EugeneKay> So, stupid quotes ;-)
05:00 <@dazo> oh true
05:00 <@dazo> !forget winshortcut
05:00 <@vpnHelper> Joo got it.
05:00 <@dazo> !learn winshortcut as To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\\Program Files (x86)\\OpenVPN\\bin\\openvpn-gui-1.0.3.exe\" --config_dir \"C:\\path\\to\\config\\\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
05:00 <@vpnHelper> Joo got it.
05:00 <@dazo> !winshortcut
05:00 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\\Program Files (x86)\\OpenVPN\\bin\\openvpn-gui-1.0.3.exe\" --config_dir \"C:\\path\\to\\config\\\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
05:01 <@dazo> duh
05:01 <+EugeneKay> xD
05:01 <@dazo> stupid quotes!
05:01 <@dazo> !forget winshortcut
05:01 <@vpnHelper> Joo got it.
05:01 <@dazo> !learn winshortcut as To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
05:01 <@vpnHelper> Joo got it.
05:02 <@dazo> !winshortcut
05:02 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0
05:02 <+EugeneKay> Closer :-p
05:02 * dazo don't care any more ... this is close enough! :-P
05:03 <@dazo> not even is Windows a pain in the a*** when it comes to the support code we need in the source tree ... it's even a pain with vpnHelper/factoids
05:04 <+EugeneKay> Welcome to Windows, fuck you.
05:04 < tazou> thanks dazo for your help, good food and see you this afternoon :)
05:04 <@dazo> tazou: you got further?
05:04 < tazou> i don't understand :/
05:05 < tazou> dazo, what do you mean ?
05:07 <@dazo> tazou: you managed to make it work with your chroot?
05:08 < tazou> not at all ..
05:08 < tazou> i'll try again this afernoon ;)
05:08 < tazou> afternoon*
05:08 < tazou> see you
05:08 -!- tazou [~Guillaume@78.223.143.27] has quit [Quit: Quitte]
05:10 -!- benste [~benste@41.3.3.225] has joined #openvpn
05:10 -!- voidzero [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
05:10 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Remote host closed the connection]
05:10 -!- voidzero is now known as vocis
05:12 < benste> hi , using the example I'm connected to my TUN server, got an IP which is 10.8.0.6 and points to a 10.8.0.5 tunnel - even though the VPN connection was successful I can't even ping my server neither setup routing for internet
05:20 -!- benste [~benste@41.3.3.225] has quit [Ping timeout: 244 seconds]
05:25 -!- rjd_ [rjd@x64.pin.se] has joined #openvpn
05:31 < rjd_> hi. Just setup a simple server/client openvpn, and client and server can reach each other. Now trying to route packets from a LAN neighbor of the client to the LAN network (address) of the server, and I can see that the packet goes out the tun device of the 'client', but I don't see the corresponding packet on the 'server'. All iptables rules are ACCEPT (default policy), and ip forwarding on all interfaces is 1.
05:32 < rjd_> This leads me to think that I may need something in the openvpn config to allow this
05:32 < rjd_> configs at http://pastebin.com/ARdbDNGi
05:32 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds]
05:33 -!- aegidos [~admin@tmo-103-32.customers.d1-online.com] has joined #openvpn
05:33 < aegidos> can openvpn handle preshared keys in the config-File instead of certificates?
05:34 -!- benste [~benste@41.5.209.26] has joined #openvpn
05:34 < aegidos> there is a possibility for my router (Fritz 7170) to setup an VPN node.
05:35 < benste> !welcome
05:35 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
05:35 < aegidos> i want to connect to this node via Tunnelblick instead of the Snowleopard VPN Client (Cisco)
05:36 < benste> aegidos: sorry - did that for myself :)
05:36 < aegidos> okay :-D
05:36 < benste> iirc fritzbox supports ipsec VPN only
05:36 < benste> !goal > benste
05:37 < aegidos> thanks
05:37 < aegidos> i will join a fritzbox channel that might be wrong in here :-D
05:37 < benste> !goal | benste
05:37 < aegidos> its more tunnelblick issue
05:37 < benste> aegidos: I'm not too sure
05:37 < benste> if it's about openvpn you might be right here
05:37 < benste> just take a look which kind of VPN it is
05:38 < benste> !goal
05:38 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
05:38 < aegidos> okay hopefully i can determine this
05:38 < benste> aegidos: you'll find it in the fritzbox interface
05:39 < benste> !redirect
05:39 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server.
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 05:39 < benste> !ipforward 05:39 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward 05:39 < benste> !linipforward 05:39 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware 05:39 < aegidos> okay than i have to reboot because the cisco vpn client conf which is coming natively with OSX 10.6.8 is buggy 05:39 < aegidos> coming back soon 05:40 < benste> aegidos: 05:40 -!- aegidos [~admin@tmo-103-32.customers.d1-online.com] has quit [Quit: aegidos] 05:41 < benste> !nat 05:41 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !winnat and !fbsdnat for specific howto 05:42 < benste> !linnat 05:42 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat 05:42 -!- aegidos [~admin@tmo-102-62.customers.d1-online.com] has joined #openvpn 05:43 < benste> aegidos: cisco VPN is another type of vpn iirc icompatible with openvpn 05:43 < aegidos> hy benste 05:43 < aegidos> oh incompatible is bad 05:44 < benste> :-) 05:44 < aegidos> but if the ipsec VPN of the fritzbox is working im not sure if i need openvpn longer 05:44 < benste> take a look 
at Wikipedia for the pro / con 05:45 < rjd_> furthermore: I see the encapsulated pings on 'servers' eth0, but not when tcpdumping the tun(1) interface.. 05:45 -!- aegidos [~admin@tmo-102-62.customers.d1-online.com] has quit [Remote host closed the connection] 05:45 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 05:46 < benste> @all -- if i want to NAT my VPN net to my internet which is on my Ppp0 do i need to change eth0 to ppp0 ? - or does it for iptables just mean where it's coming from ? 05:47 < benste> sorry got the man :) 05:47 < benste> -o = output 05:48 < rjd_> What do I have to do to allow -> client -> server -> ? I have forwarding, static routes, I see the (icmp) packets in the tun interface of the client, but not on the server (although I do see a corresponding encapsulated vpn packet on the server's eth0). 05:50 < aegidos> yes fritz uses IPSec ! 05:50 < aegidos> okay not sure if tunnelblick is capable to handle this because in ipsec we have no certificates 05:56 <+EugeneKay> Well, except for the part where it does. 05:57 <@dazo> aegidos: I don't think tunnelblick supports anything else than openvpn 05:57 < benste> aegidos: try it :) 05:57 < benste> btw. in the meantime my DNS is resolved, but i don't get an ICMP or HTTP response via my runnel 05:57 < benste> tunnel 05:57 <@dazo> !ipsec 06:01 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Quit: aegidos] 06:02 -!- benste [~benste@41.5.209.26] has quit [Ping timeout: 255 seconds] 06:05 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 06:06 -!- rasyid7 [~3333@69.163.36.67] has left #openvpn [] 06:06 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 06:07 -!- tazou [~Guillaume@78.223.143.27] has joined #openvpn 06:07 < tazou> hi again 06:07 < tazou> dazo, have a good food ? :) 06:08 <@dazo> not yet :) 06:08 <@dazo> (need it soon, though) 06:10 < tazou> hihi 06:11 < tazou> do you have some time for my openvpn chroot please ? 
06:16 < tazou> dazo, * 06:17 <@dazo> tazou: shoot! 06:17 < tazou> boom ! (: 06:17 < tazou> ok 06:17 < tazou> so 06:18 < tazou> with chroot I have no error message 06:18 < tazou> just the authentication failed 06:18 < tazou> like this : 06:18 < tazou> TLS Auth Error: Auth Username/Password verification failed for peer 06:18 < tazou> but without chroot with the SAME login/pass it works 06:19 <@dazo> tazou: maybe you need the password db into the chroot as well? 06:20 < tazou> ha 06:20 <@dazo> I'm not familiar with the BSD auth regime, so I don't know how that really works .... and OpenBSD is the only one using it these days, iirc 06:32 < hyper_ch> dazo: are you a voip professional? 06:33 <@dazo> hyper_ch: nope ... I barely know what voip is 06:33 < hyper_ch> awwww :( you make me sad 06:33 <@dazo> hyper_ch: krzee knows more about that, I believe 06:33 < hyper_ch> he does 06:33 < hyper_ch> probably 06:34 < tazou> dazo, I copy these files http://www.openbsd.org/faq/faq10.html#vipw but the authentication fails again... An idea ? :) 06:34 <@vpnHelper> Title: 10 - System Management (at www.openbsd.org) 06:35 <@dazo> tazou: no, not really ... you probably need to strace (or whatever the bsd approach is) to see what this openvpn_bsdauth process tries to access 06:36 < tazou> dazo, strace /usr/local/sbin/openvpn --config /etc/openvpn/server.conf ? 06:36 <@dazo> tazou: yeah 06:36 < tazou> ok 06:36 < tazou> dem! strace: command not found :D 06:37 <@dazo> openvpn is a single threaded process, so it's fairly simple to debug this way 06:37 < tazou> openBSD uses ktrace and kdump instead of strace. 06:37 < tazou> ;) 06:37 <@dazo> ahh! true 06:37 < tazou> oki:) 06:38 < tazou> it logs nothing 06:38 < tazou> but I increase "verb" to 9 06:39 < tazou> :p 06:41 < tazou> erf, no more interesting information... 
06:45 < tazou> I think i'll not chroot my openvpn 06:47 < tazou> dazo, Do you know other Windows OpenVPN GUI, more user friendly that http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe ? 06:50 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Read error: Connection reset by peer] 06:50 < tazou> Like this http://www.vpnsecure.me/support/windows/ (screenshot at bottom) 06:50 <@vpnHelper> Title: Windows: VPNSecure OpenVPN Encrypted VPN Setup | VPN Secure Networks (at www.vpnsecure.me) 06:51 <+EugeneKay> openvpn-gui *is* the user-friendly one. 06:51 < tazou> hihi :) 06:51 <+EugeneKay> Not sure wtf they're doing, but there is no such thing as "openvpn pptp" 06:56 < tazou> ;) 07:00 <@dazo> tazou: there are a few gui's circulating ... I would say that openvpn-gui is user-friendly, but not good/sleek looking .... and there is a developer working on improving the gui and the interactions for openvpn to integrate better into Windows 07:01 < tazou> ah ok 07:01 <@dazo> and the strength of the openvpn-gui, is that it uses plain config files .... not trying to guificate all the features openvpn supports, as that would make it much less user friendly, as openvpn is very feature rich and incredibly flexible 07:02 < tazou> yeap 07:02 <@dazo> tazou: here's a list over GUI's we've stumbled over or been pointed at ... 
https://community.openvpn.net/openvpn/wiki/RelatedProjects#WindowsclientGUI 07:02 <@vpnHelper> Title: RelatedProjects – OpenVPN Community (at community.openvpn.net) 07:02 < tazou> ho thanks dazo :) 07:10 -!- bwallen [~bwallen@static-108-28-88-66.washdc.fios.verizon.net] has quit [Quit: Ex-Chat] 07:16 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Excess Flood] 07:21 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 07:38 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 07:50 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 07:52 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 08:15 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 08:15 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 08:15 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 08:15 -!- mode/#openvpn [+v Axeman] by ChanServ 08:16 -!- _Danilo_ [~Danilo@unaffiliated/danilo/x-728421] has left #openvpn ["Sto andando via"] 08:18 -!- Mainz [~Mainz@187.37.73.134] has joined #openvpn 08:21 < Mainz> !welcome 08:21 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 08:22 < Mainz> !goal 08:22 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 08:27 < Mainz> Hello there, I'm trying to implement an OPENVPN server to provide access to my office LAN for remote users, and even after reading the guides from the site and comparing the config file to the sample in the page, I couldn't figure out what is going on... can someone help me? 08:29 < Mainz> The service is running in a Linux environment, I can telnet to the openvpn administration port, but can`t telnet to localhost port defined in the config file.. this could be a firewall issue? 08:29 <+EugeneKay> It could be a lot of things. 08:29 <+EugeneKay> If you're using UDP, you wouldn't be able to telnet to it. 08:30 <+EugeneKay> And you ought to be using UDP. 08:31 < Mainz> tks, I'm using UDP, but the client remains only in Connecting.. 08:31 <+EugeneKay> !logs 08:31 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 08:31 <+EugeneKay> !configs 08:31 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 08:32 < Mainz> just a sec. 
08:34 -!- rjd_ [rjd@x64.pin.se] has left #openvpn [] 08:34 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 08:51 -!- schlitzer|freihe [~schlitzer@212.144.228.122] has joined #openvpn 08:51 < schlitzer|freihe> hey all 08:52 < schlitzer|freihe> i´m using openvpn in tap mode. everything is working fine. but there is one thing... is there a way to automatically add the tap device to a bridge? 08:54 < schlitzer|freihe> with tinc vpn i have a tinc-up script that is doing something like this: ifconfig $INTERFACE up; brctl addif br0 $INTERFACE 08:54 < schlitzer|freihe> can i do something similar with openvpn? 08:55 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds] 08:58 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 09:03 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 09:04 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 09:05 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 09:14 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 09:20 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Remote host closed the connection] 09:20 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 09:26 <@vpnHelper> RSS Update - forum: Subnet Conflicts 09:28 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Ping timeout: 252 seconds] 09:36 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 09:40 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Client Quit] 09:40 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 09:41 -!- gladiatr [~sdspence@160.15.124.24.cm.sunflower.com] has joined #openvpn 10:01 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Read error: Connection reset by peer] 10:17 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined 
#openvpn 10:22 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 10:22 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 10:26 -!- forgotten [forgotten@is.undroppable.co.uk] has left #openvpn [] 10:27 -!- dazo is now known as dazo_afk 10:33 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 10:41 -!- Mainz [~Mainz@187.37.73.134] has quit [] 10:48 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Quit: aegidos] 10:50 <@vpnHelper> RSS Update - forum: Layer 2 bridging not working 11:05 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 252 seconds] 11:08 -!- Duryodhan [Duryodhan@117.225.70.168] has joined #openvpn 11:18 -!- jkyle [~krunk-@unaffiliated/krunk-] has joined #openvpn 11:18 < jkyle> !welcome 11:18 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 11:19 < jkyle> nevermind, my problem is the firewall 11:19 * jkyle is joking 11:21 < jkyle> Does openvpn support single use authentication schemes? 
11:21 < jkyle> I'm skimming/searching over the docs and haven't run across it yet 11:27 -!- gladiatr [~sdspence@160.15.124.24.cm.sunflower.com] has quit [Ping timeout: 248 seconds] 11:29 -!- tazou [~Guillaume@78.223.143.27] has quit [Quit: Quitte] 11:29 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 11:29 -!- mode/#openvpn [+o raidz] by ChanServ 11:30 -!- schlitzer|freihe [~schlitzer@212.144.228.122] has quit [Quit: Leaving] 11:40 -!- gladiatr [~sdspence@135.15.124.24.cm.sunflower.com] has joined #openvpn 11:41 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 11:46 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:52 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer] 11:52 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 11:57 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 12:01 <@ecrist> jkyle: yes, but no 12:01 <@ecrist> openvpn doesn't do the authentication, it can call a script to do the authentication 12:01 <@raidz> ecrist! I keep seeing you on xblive, I got to get you in a party with my bro and I 12:01 < jkyle> 3rd party plugins and RADIUS eh? 12:01 <@raidz> we just got a 36 win streak the other day :-D 12:02 <@raidz> Although I might get banned for a few days because I am using a rapidfire remote not, hah 12:03 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer] 12:05 <@ecrist> nice, raidz 12:07 <@ecrist> next time you see me online, hit me up, usually myself, my buddy, and my son 12:07 <@raidz> Sweet, when are you usually on ecrist? 12:07 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 12:07 <@ecrist> this week, likely not at all 12:07 <@ecrist> gotta clean the house to get it ready to sell 12:09 <@raidz> moving? 
12:09 <@ecrist> yes 12:09 <@raidz> Same area different house? 12:09 <@ecrist> we live in the hood, and I'm tired of dodging bullets 12:09 <@ecrist> different area, different house (since I own a real house, and not one that is of a 'mobile' persuasion) 12:09 <@raidz> haha 12:10 <@ecrist> I imagine people who own trailer homes, when they pack, just close the doors and lock them. 12:10 <@raidz> haha 12:11 -!- kbarry [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has joined #openvpn 12:11 <@raidz> ecrist: you have a son? 12:12 <@ecrist> yes, 10 12:12 < kbarry> I'm reading thru this http://www.dd-wrt.com/wiki/index.php/VPN_%28the_easy_way%29_v24%2B#Creating_Certificates_Using_Easy_RSA_in_Windows and i am wondering if i should be actually generating the keys using a specific computer? OpenVPN is on my router, and I wanted to set up clients. Do i create the keys using the router? 12:12 <@vpnHelper> Title: VPN (the easy way) v24+ - DD-WRT Wiki (at www.dd-wrt.com) 12:12 <@ecrist> and a daughter 12:12 <@raidz> wow dude, I didn't know you were that old :-p 12:13 <@ecrist> heh, 32 12:13 <@raidz> *ducks* 12:13 <@raidz> Oh, you aren't 12:13 <@raidz> you had them young! 12:13 <@ecrist> that's called good planning 12:13 <@ecrist> at this rate, my kids will both be out of my house by the time I turn 50 12:13 <@ecrist> party on garth 12:14 <@raidz> hahaha, wish I thought of that 12:14 <@ecrist> and, actually, when I turn 50, my daughter will be either 2 years through college, or 2 years not living at home 12:14 <@ecrist> ;) 12:14 <@raidz> so no matter what she is out at 18? 12:15 -!- deever [~deever@78.46.68.172] has left #openvpn [] 12:20 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has joined #openvpn 12:27 <@ecrist> raidz: that's the idea, now 12:27 <@ecrist> I moved out at 17 12:28 <@raidz> did you goto college? 12:29 < aegidos> what's the newest debian version with ovpn runnin ? 
12:29 < aegidos> !debian 12:29 <@vpnHelper> "debian" is Although we are aware the Debian stable package repository has OpenVPN 2.1rc11, to offer support, we require users to run the current version of OpenVPN. See !download for information on where/how to obtain a recent release. 12:29 < aegidos> !download 12:29 <@vpnHelper> "download" is (#1) http://www.openvpn.net/download to download OpenVPN or (#2) OpenVPN's Windows installer now includes OpenVPN GUI. Don't bother with http://openvpn.se anymore or (#3) Don't trust download.com at all. It provides an extremely old version with malware: http://insecure.org/news/download-com-fiasco.html 12:34 <@ecrist> raidz: no 12:34 <@ecrist> aegidos: openvpn has it's own repositories now, but I don't remember the info 12:34 <@raidz> awesome, I love seeing smart people who have good jobs and didn't get sucked into student loans 12:35 <@ecrist> aegidos: https://community.openvpn.net/openvpn/wiki/OpenvpnAptRepos#Usingrepos.openvpn.net 12:35 <@vpnHelper> Title: OpenvpnAptRepos – OpenVPN Community (at community.openvpn.net) 12:35 < aegidos> thanks ecrist 12:36 -!- gladiatr [~sdspence@135.15.124.24.cm.sunflower.com] has quit [Changing host] 12:36 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 12:40 < kbarry> Do i need to generate the keys on the router? 12:41 < rawplayer> generate the keys on a offline device 12:49 -!- rudenstam [~smartnude@pdpc/supporter/student/rudenstam] has joined #openvpn 12:49 -!- CaptainQuirk [~leo@mol92-10-78-236-165-242.fbx.proxad.net] has quit [Quit: Leaving] 12:50 < rudenstam> hello, are there any known problems with openvpn and hibernation? I'm using windows7... After I have hibernated the win7 client and woke it up again the vpn connection is never restored.. 12:50 <@ecrist> yes 12:50 <@ecrist> are you running 2.2.2? 12:50 <@ecrist> I think there were/are some fixes in there for it. 12:50 < rudenstam> let me boot that laptop and find out... 
;) 12:54 < rudenstam> OpenVPN 2.2.2 built on Dec 15 2011 12:56 < rudenstam> ecrist: so seems I'm using 2.2.2 on the win client... using 2.1.3 on the linux server, should it matter? 12:57 <@ecrist> server shouldn't matter, it's a problem with the windows gui 12:59 < rudenstam> ecrist: should it work better if I run without the gui? 12:59 < rudenstam> think I saw that you can install it without GUI and just have it run as service? 13:00 <@ecrist> I don't know, rudenstam, just commenting based on conversation I've been privy to. I don't use windows. 13:01 < rudenstam> ah.. alright... if you got any more ideas, or if anyone else has... please send them my way 13:04 <@ecrist> rudenstam: have you searched google, or the mailing list? 13:04 -!- lusis [u2537@gateway/web/irccloud.com/x-qssekjifawkonkrd] has quit [Remote host closed the connection] 13:04 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-qzqfuzytiymrpupv] has quit [Remote host closed the connection] 13:05 < rudenstam> ecrist: a bit.. looking more thoroughly at it now.. 13:15 -!- lusis [u2537@gateway/web/irccloud.com/x-opglpxhhlkmspano] has joined #openvpn 13:21 < rudenstam> ecrist: found the ticket for it now.. https://community.openvpn.net/openvpn/ticket/71 .... will try the task scheduler trick mentioned in comments.. 13:21 <@vpnHelper> Title: #71 (Windows 7 (and Vista) - tunnel fails after resume from Sleep/Standby) – OpenVPN Community (at community.openvpn.net) 13:23 <@ecrist> ah, I knew there was something somewhere 13:24 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-mtnanhmunfyuvqza] has joined #openvpn 13:41 <@vpnHelper> RSS Update - forum: decrypt openvpn ssl traffic with wireshark 13:41 < kbarry> i need/want to remake the first couple of keys i made. 13:42 < kbarry> i was using the easy RSA on windows. 13:42 < kbarry> using the command build-key [name] but i want to remake the first keys i made. It was asking for a challenge password and i'd prefer not to have one. 
13:45 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 13:45 <@ecrist> kbarry: then just press enter 13:45 < kbarry> do i just delete the .key, .csr and .crt files and start over? 13:46 < kbarry> (i make client1 - client3 and 13:49 < kbarry> now i want to redo them. do i just delete those files and the build-key client1, etc? 13:57 -!- Duryodhan [Duryodhan@117.225.70.168] has quit [Ping timeout: 248 seconds] 14:00 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 14:03 < rudenstam> ecrist: the task scheduler disable/enable trick helped 14:09 <@ecrist> can you comment on that in the ticket, please? 14:11 < rudenstam> ecrist: the workaround is the one that adapted cat describes in the ticket, so don't think there's any comment needed? 14:11 < rudenstam> I don't really have anything to add except "it worked" 14:11 <@ecrist> ok 14:13 -!- kbarry_ [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has joined #openvpn 14:14 -!- kbarry [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has quit [Ping timeout: 240 seconds] 14:24 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 14:24 -!- kbarry_ [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0/20111104165243]] 14:25 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has joined #openvpn 14:31 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 14:31 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 14:31 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 14:31 -!- mode/#openvpn [+v Axeman] by ChanServ 14:33 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 14:35 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Read error: No route to host] 14:35 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! 
14:41 -!- Morpheus [~Snake@217.16.178.248] has joined #openvpn 14:45 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 14:47 -!- Morpheus [~Snake@217.16.178.248] has quit [Quit: Leaving] 14:50 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer] 14:50 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 15:04 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Connection reset by peer] 15:04 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 15:09 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Ping timeout: 268 seconds] 15:15 -!- aegidos [~admin@p54B5B0E2.dip.t-dialin.net] has quit [Quit: aegidos] 15:15 -!- iGENIUS [~iGENIUS@189-112-140-106.static.ctbctelecom.com.br] has joined #openvpn 15:16 < iGENIUS> is there a way to install an openvpn server on linux and connect to it as a client through windows? 15:20 < krzee> yes 15:20 <@vpnHelper> RSS Update - forum: TAP UDP bridge questions for games networking. 15:20 < krzee> just like you would with any other OS's 15:29 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 15:33 -!- danielsh [~danielsh@apache/committer/danielsh] has joined #openvpn 15:34 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 15:35 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has joined #openvpn 15:36 < danielsh> Looking into configuring fail2ban for openvpn. 15:36 < danielsh> failregex = ^%(__prefix_line)sTCP connection established with :\d*$ 15:36 < danielsh> ^%(__prefix_line)sTCPv4_SERVER link remote: :\d*$ 15:37 < danielsh> ^^^ is that a good setting? Not sure what's the best thing to watch the logs for. 
15:44 -!- rudenstam [~smartnude@pdpc/supporter/student/rudenstam] has left #openvpn [] 15:46 -!- Agin [~Agin@greenzone.copyleft.no] has quit [Ping timeout: 240 seconds] 15:51 -!- benjamino [~benjamino@67.136.148.138] has joined #openvpn 15:52 -!- benjamino [~benjamino@67.136.148.138] has left #openvpn [] 15:52 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 15:52 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 15:54 -!- Novae [~Novae@unaffiliated/novae] has quit [Ping timeout: 252 seconds] 15:58 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 16:09 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 16:10 <@ecrist> danielsh: not really sure, you'd have to ask the fail2ban folks 16:12 < danielsh> ecrist: Sorry, let me phrase this question again without involving fail2ban: 16:12 < danielsh> What's a good way to cause openvpn to log every IP that tries to connect and authenticate to it? 16:14 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 16:14 <@ecrist> verb 4 16:14 <@ecrist> in the server config 16:14 < danielsh> assume I have an oracle for the "monitor the logs, extract IP's from them, and rate limit them". 16:14 * danielsh tries 16:14 <@ecrist> or, tcpdump 16:15 < danielsh> Interesting approach, there. 
16:15 < danielsh> It's a freebsd server, so I can use pflog 16:15 <@ecrist> that's what I'd do 16:15 < danielsh> Have it log every first packet on the TCP conn 16:15 < danielsh> and rate limit that 16:15 * ecrist freebsd guy 16:15 < danielsh> ecrist: thanks, that's a good trick to remember 16:15 * ecrist points to his cloak 16:16 * danielsh was already checking the cloak :) 16:16 <@ecrist> ;) 16:18 < danielsh> ecrist: /var/log/messages does not look any different with 'verb 4' 16:18 < danielsh> There's a screenful of messages when openvpn boots, 16:18 < iGENIUS> i'm trying out a tutorial on youtube, however i don't see any tun0 listed on the ifconfig output, can someone tell me how the server and route addresses in this config would look like? http://pastebin.com/rBSaD2ta http://pastebin.com/BMHNxj66 16:18 < danielsh> but the same 3 lines upon a connection 16:18 < danielsh> Jan 4 00:17:32 t1 openvpn[4094]: TCP connection established with 192.114.23.210:15718 16:18 < danielsh> Jan 4 00:17:32 t1 openvpn[4094]: TCPv4_SERVER link local (bound): [undef]:993 16:18 <@ecrist> it's not going to be in /var/log/messages 16:18 < danielsh> Jan 4 00:17:32 t1 openvpn[4094]: TCPv4_SERVER link remote: 192.114.23.210:15718 16:18 < danielsh> Jan 4 00:17:42 t1 openvpn[4094]: Peer Connection Initiated with 192.114.23.210:15718 16:18 <@ecrist> depending on your config 16:19 < danielsh> Ahh, so I need to add a log-append directive too? 16:22 < danielsh> no difference 16:23 < danielsh> verb 4 16:23 < danielsh> log-append /tmp/foo 16:23 <@ecrist> try verb 5 16:23 < danielsh> if it matters it's not in --mode server atm. 
16:23 <@ecrist> well, it's doing what it's supposed to 16:23 -!- iGENIUS [~iGENIUS@189-112-140-106.static.ctbctelecom.com.br] has quit [] 16:24 <@ecrist> > Jan 4 00:17:32 t1 openvpn[4094]: TCP connection established with 192.114.23.210:15718 16:24 <@ecrist> that looks right to me 16:24 < danielsh> software tends to behave that way 16:24 < danielsh> yeah, but I get that even without the --verb directives 16:24 <@ecrist> what more are you looking for? 16:25 < danielsh> Dunno 16:25 < danielsh> I saw this before I asked anything here 16:25 < danielsh> I thought you were saying there are other logged things, if I crank up the --verb 16:25 < danielsh> so was looking for those 16:26 < danielsh> (no major difference with verb=5) 16:26 <@ecrist> there are 16:26 <@ecrist> verb 5 is what we seek to troubleshoot 16:28 < danielsh> well, ack 16:29 < danielsh> but afaics I don't get more log entries with the connecting IP in them with verb 5, compared to no --verb at all 16:29 < danielsh> OpenVPN 2.2.1 amd64-portbld-freebsd8.2 [SSL] [LZO2] [eurephia] built on Dec 4 2011 16:29 <@ecrist> I'm not sure what you're actually looking for. 16:29 < danielsh> Logging the IP of someone who tries to connect 16:30 < danielsh> even if they failed to authenticate 16:30 < danielsh> Given that, I'll have fail2ban watch the log files and IP ban anyone who tries to enumerate passwords or whatever. 16:30 * danielsh (I use key-based authentication) 16:31 <@ecrist> honestly, I'd use tcpdump 16:31 <@ecrist> tcpdump -n -e -tttt -i pflog0 udp port 1194 16:31 <@ecrist> but I'm sure you know all that 16:35 < danielsh> could figure it out, probably. 
16:35 <@vpnHelper> RSS Update - forum: Please Help- Login Window issues on Windows 7 64bit 16:35 < danielsh> I don't remember the tcpdump flags by heart yet :( 16:36 <@ecrist> neither do I, but _quadDamage does 16:36 <@ecrist> ;) 16:36 <@ecrist> fwiw, I have a couple aliases on my bsd boxes you may find useful 16:36 <@ecrist> alias: showpfrt not found 16:36 <@ecrist> grr 16:37 <@ecrist> ecrist@swordfish:~-> alias showpfrt 16:37 <@ecrist> tcpdump -n -e -tttt -i pflog0 16:37 <@ecrist> ecrist@swordfish:~-> alias showpflog 16:37 <@ecrist> tcpdump -n -e -tttt -r /var/log/pflog 16:37 < danielsh> nice 16:38 < danielsh> so those just dump pflog 16:38 < danielsh> FWIW, at this point I wonder how to connect fail2ban to tcpdump 16:38 <@ecrist> showpflog does, showpfrt dumps the pflog0 interface 16:38 < danielsh> *nod* 16:38 <@ecrist> assuming you're using one 16:38 < danielsh> fail2ban wants a file, 16:38 <@ecrist> a file can be stdin, afaik 16:39 < danielsh> ahh, that was my next questino 16:39 < danielsh> if it can watch a process output too 16:39 <@ecrist> just use a single hyphen 16:39 < danielsh> Err, stdin of what? 16:39 < danielsh> fail2ban runs as daemon 16:39 <@ecrist> grep foobeans - 16:39 <@ecrist> if you start typing, it'll repeat foobeans but nothing else. ;) 16:40 < danielsh> Yeah I know that 16:40 < danielsh> but fail2ban doesn't have a stdin 16:40 <@ecrist> that's really still a fail2ban thing 16:40 <@ecrist> we're in #openvpn 16:40 <@ecrist> ;) 16:40 < danielsh> this time you're right. 
:P 16:40 < danielsh> thanks much ecrist 16:40 <@ecrist> np 16:40 < danielsh> that was a very helpful 10*n minutes 16:41 <@ecrist> heh, one of my better moments then 16:41 <@ecrist> oh, I must have forgotten 16:41 <@ecrist> 16:41 <@ecrist> tits or gtfo 17:10 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has joined #openvpn 17:21 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Quit: Leaving] 17:33 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 17:35 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 252 seconds] 17:56 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has joined #openvpn 17:56 -!- tabakhase [t4b4kh453@rps9289.ovh.net] has quit [Changing host] 17:56 -!- tabakhase [t4b4kh453@unaffiliated/tabakhase] has joined #openvpn 18:06 -!- speakman [~daniel@unaffiliated/speakman] has quit [Ping timeout: 252 seconds] 18:24 < vocis> b00bs 18:38 < dioz> what about them? 18:41 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn 18:41 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host] 18:41 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 18:41 -!- newl [~newl@97.75.165.156] has joined #openvpn 18:43 -!- jkyle [~krunk-@unaffiliated/krunk-] has quit [Ping timeout: 240 seconds] 18:46 <@vpnHelper> RSS Update - forum: Hope you can find a solution to this :) 18:57 -!- Denial [Denial@drgi.co.uk] has quit [] 19:02 -!- speakman [~daniel@h-181-147.a166.corp.bahnhof.se] has joined #openvpn 19:02 -!- speakman [~daniel@h-181-147.a166.corp.bahnhof.se] has quit [Changing host] 19:02 -!- speakman [~daniel@unaffiliated/speakman] has joined #openvpn 19:08 -!- _julian [~quassel@hmbg-5f767116.pool.mediaWays.net] has joined #openvpn 19:12 -!- _julian_ [~quassel@hmbg-4d06d37e.pool.mediaWays.net] has quit [Ping timeout: 255 seconds] 19:15 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has quit [Ping timeout: 240 seconds] 19:16 -!- simplechat 
[~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 19:16 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 19:16 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 19:21 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 19:51 -!- nutcase_ [~nutcase@ir0nic.com] has joined #openvpn 19:59 -!- nutcase_ [~nutcase@ir0nic.com] has quit [Quit: BAI] 20:02 <@vpnHelper> RSS Update - forum: we are looking for a heads up on issues we would encounter. 20:03 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has joined #openvpn 20:05 -!- nutcase_ [~nutcase@ir0nic.com] has joined #openvpn 20:06 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has quit [Max SendQ exceeded] 20:08 -!- kbarry [~chatzilla@adsl-66-138-57-209.dsl.bumttx.swbell.net] has joined #openvpn 20:08 < kbarry> h 20:08 < reiffert> ö 20:09 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has joined #openvpn 20:10 -!- nutcase_ [~nutcase@ir0nic.com] has quit [Client Quit] 20:10 < kbarry> I've just established connection to a router i configured at work. 20:10 < kbarry> I'm at home now testing it, 20:10 < kbarry> Ran the gui, have made connection but i can't ping anything on my network at work (10 20:10 < kbarry> 10.0.0.x 20:11 < kbarry> home is 192.168.0.x 20:11 < kbarry> the VPN tells me my ip on it is 192.168.2.200 20:11 < kbarry> Forgive me for being such a VPN newb, but i'm a little stumped. 20:12 < kbarry> i can't "see" anything on the other side of the VPN device. 20:13 < kbarry> I notice i don't ahve a gateway on my VPN connection (ipconfig /all) does that matter? 20:20 < dioz> pastebin your configs 20:30 < kbarry> dioz what do you mean? 20:31 < kbarry> http://pastebin.com/7xyvv17L 20:32 < dioz> gonna have to tell the machine where 10.0.0.0 is 20:34 < kbarry> 10.0.0.x is my office lan. 20:35 < kbarry> the VPN server running on a router is at the config ip. 
20:35 < kbarry> that device is also the DHCP for 10.0.0.x 20:37 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 20:37 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 20:37 -!- newl is now known as new1 20:37 < dioz> i don't know anything about your router 20:38 -!- new1 is now known as newl 20:39 < kbarry> Forgive me. I appreciate the help, but i don't know if i know what question to ask. 20:39 < kbarry> I'm getting connected to the VPN, but i don't know how to "see" anything that's behind it. 20:40 < kbarry> Maybe i haven't setup the VPN connection properly, and it's looking for the ip's i'm trying to ping thru my internet connection, and not the VPN adapter. 20:41 < dioz> i'd need more information about your router 20:41 < dioz> it's probably using some kind of web-based interface too 20:42 < dioz> your router should push the routes to your computer 20:44 < kbarry> router is running DD-WRT (with openVPN) 20:57 -!- kbarry [~chatzilla@adsl-66-138-57-209.dsl.bumttx.swbell.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0/20111104165243]] 21:22 < krzee> !route 21:22 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 21:22 < krzee> oh hah he left 21:22 < newl> exit 21:23 < reiffert> operator 21:36 <@vpnHelper> RSS Update - forum: Multiple clients on OpenVPN - Routing Issue 21:36 <+TJNII> krzee: So a couple weeks back we were discussing HA OpenVPN and you asked me to report my findings. I haven't had time to play with routing failover, however everything I know about networking leads me to believe it won't work the way I want. I do have HA bridging OpenVPN working where a failover doesn't drop connections, though. 
21:37 <+TJNII> I should clarify my requirements, though, as I've realized they are probably beyond the normal user 21:37 < newl> even mortal man? 21:38 < krzee> failover doesn't drop connections? very cool 21:38 < krzee> although interesting as well from a security standpoint... 21:38 < krzee> how do the effective keys (which rotate hourly) stay synced? 21:38 <+TJNII> I'm using OpenVPN in an environment where the traffic is mostly shells, either via ssh or telnet. All TCP, though. Anyways, having your shell drop out could be ... bad. Losing the controlling terminal could cause processes to die, which could at best disrupt work or at worst brick something. So I wanted my sessions to stay open. 21:39 <+TJNII> With routing, on failover, the client IP has to change. I can't think of a way without a lot of network magic. Especially in my environment where I don't control the router, so with routing I'd have to NAT. 21:40 <+TJNII> If the client IP changes, the TCP stack on the server won't know about it, and RST the connection. This is the conclusion the network guru at work and I reached. That will likely drop the session. 21:41 <+TJNII> So I went with bridging. On failover, the client connects to the new server, but can maintain its IP as it is a layer 2. No different from unplugging an ethernet cable and plugging it back into another port. 21:41 -!- newl [~newl@97.75.165.156] has left #openvpn [] 21:41 <+TJNII> As long as the arp tables catch up before whatever the client is using times out, everything just pauses and then starts back up as if nothing happened. 21:42 <+TJNII> Tested it this afternoon with some SSH and telnet sessions. Failed the server I was using, and it failed over to the next without dropping anything. 21:43 <+TJNII> krzee: The key negotiation all happens as you'd expect. As long as the client IP doesn't change the client can tolerate the disruption of a reconnect. 21:44 <+TJNII> I'm doing a long duration test right now. 
I left the tunnel open with some open sessions and went home. We'll see what state it is in tomorrow. 21:49 <+TJNII> Of course, an unexpected hurdle was that I'm using "redirect-gateway def1" and, by default, openvpn only created a special route for the server it was connected to so all other traffic was routed into the tunnel. This caused headaches on failover as, since it left the tunnel device up when it tried to reconnect, it would try to contact the failover server through the tunnel. (That obviously didn't work) I got around that by explicitly creating routes to all th 21:49 <+TJNII> e servers in the client config with the "net_gateway" argument so the client always can talk to all the servers, regardless of tunnel state. 21:53 <+TJNII> That's why I was asking about load balancers a while back, but I found the route method to be a much better solution. 22:30 <+TJNII> Wow. Apparently there was a patch to make OpenVPN work over ICMP at one point. I'd like to get my hands on that, just so I could say "Our VPN servers support TCP, UDP, and ICMP. *beat pause* You heard me." 22:31 <@ecrist> TJNII: troll 22:33 <@ecrist> you can do HA failover with openvpn in bridged mode, and many connections won't fail, but it's not perfect. 22:34 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 22:34 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 22:35 <+TJNII> True, and hopefully it will never be needed. I did some homework and basic tests on this, wanted to share while it was still fresh in my mind. I was asked to report back, after all. 22:36 <+TJNII> And I certainly hope you're calling me a troll for the ICMP comment, not for the failover comments. 
23:54 <@vpnHelper> RSS Update - forum: How-to: Tunnel WAN IP assigned to specific users --- Day changed Wed Jan 04 2012 00:21 -!- aegidos [~admin@tmo-097-6.customers.d1-online.com] has joined #openvpn 00:25 -!- aegidos [~admin@tmo-097-6.customers.d1-online.com] has quit [Remote host closed the connection] 00:27 -!- aegidos [~admin@tmo-097-6.customers.d1-online.com] has joined #openvpn 00:31 -!- aegidos [~admin@tmo-097-6.customers.d1-online.com] has quit [Remote host closed the connection] 00:31 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 00:43 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has quit [Ping timeout: 252 seconds] 00:52 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 00:55 <@vpnHelper> RSS Update - forum: download speed is VERY SLOW 00:58 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 01:09 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Ping timeout: 276 seconds] 01:15 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has joined #openvpn 01:34 -!- beerbro is now known as Yaph-ar-ti 01:51 <+EugeneKay> TJNII - uh, wtf? It's called 'screen' 01:51 <+EugeneKay> Learn to use it. 01:52 -!- rasyid7 [~3333@69.163.36.67] has quit [Ping timeout: 240 seconds] 02:01 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 02:07 <@vpnHelper> RSS Update - forum: we are looking for a heads up on issues we would encounter. 02:18 -!- dazo_afk is now known as dazo 02:21 -!- helllen [~helllen@91.102.241.62] has joined #openvpn 02:21 < helllen> helllo 02:21 < helllen> I need to reinstall my openvpn server 02:21 < helllen> I would like it has the same CA to have the same certificates 02:22 < helllen> can I? 02:24 <+EugeneKay> Sure. 
02:24 < matsim> not being an expert on openvpn but if your domain / hostname doesn't change you can copy the CA/certs 02:24 <+EugeneKay> openvpn doesn't care about domain/hostname 02:25 <+EugeneKay> the common-name of the certs is suggested to be the same as your hostname for sanity reasons, but there is no technical requirement for it 02:26 < matsim> EugeneKay: What happens if let's say the certs' cn is vpn.foo.org but now it's vpn.foobar.org - no complaining? 02:26 <+EugeneKay> So long as the cert is signed by the same CA with the same key-usage(client or server), the ther party will accept it as a valid certificate. 02:27 <+EugeneKay> other* 02:27 < matsim> ok, thanks 02:28 <+EugeneKay> You can build a script that will implement a check of the CN against the hostname being connected to, but openvpn doesn't do this. 02:29 < matsim> I would have expected that (by ignorance of reading documentation though) 02:35 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 02:36 -!- Yaph-ar-ti [~gustav@sockensaft.garagenwein.at] has quit [Quit: ZNC - http://znc.sourceforge.net] 02:36 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 02:37 -!- Yaph-ar-ti [~gustav@mineralwasser.jesus.si] has joined #openvpn 02:51 <@vpnHelper> RSS Update - forum: Hope you can find a solution to this :) 02:58 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 03:02 <@dazo> helllen: if you have all your CA files on a different (preferably offline) computer .... openvpn will still work. the OpenVPN server just needs the CA certificate, server certificate and server key file .... if you generate a new server certificate and server key, signed by the same CA it will still work (at least if you either don't use --tls-remote or have the same CN value in the new certificate) 03:05 < helllen> where is the certificate located? 
03:06 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 03:09 < JackWinter> helllen: where your config file says it is located :) otherwise i think it looks in the current dir. seems better to me to specify the full path in the config file, then you can manually start it from what ever dir you happen to be in 03:12 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Ping timeout: 252 seconds] 03:16 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:16 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 03:26 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 03:32 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 03:41 <@vpnHelper> RSS Update - forum: Non-Admin usage of OpenVPN on Windows 03:53 -!- aegidos_ [~admin@tmo-096-21.customers.d1-online.com] has joined #openvpn 03:57 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 03:57 -!- aegidos_ is now known as aegidos 03:59 -!- aegidos [~admin@tmo-096-21.customers.d1-online.com] has quit [Remote host closed the connection] 04:00 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 04:09 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 
04:10 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 04:11 <@vpnHelper> RSS Update - forum: unable redirect default gateway 04:21 -!- datums_nb [~datums@cpe-72-130-14-131.socal.res.rr.com] has quit [Remote host closed the connection] 04:21 -!- master_of_master [~master_of@p57B5383F.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:23 -!- master_of_master [~master_of@p57B559BA.dip.t-dialin.net] has joined #openvpn 04:23 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Ping timeout: 248 seconds] 04:24 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 04:24 -!- mode/#openvpn [+o mattock] by ChanServ 04:34 -!- aegidos_ [~admin@tmo-096-21.customers.d1-online.com] has joined #openvpn 04:34 -!- aegidos_ [~admin@tmo-096-21.customers.d1-online.com] has quit [Read error: Connection reset by peer] 04:37 -!- Cubox [~Cubox@unaffiliated/cubox] has left #openvpn ["WeeChat 0.3.7-dev"] 04:38 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Ping timeout: 248 seconds] 04:40 -!- bauruine [~stefan@2001:8e0:100b:dead:f2de:f1ff:fe9f:974b] has quit [Remote host closed the connection] 04:43 -!- ErichG_ [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 04:43 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 04:43 -!- ErichG_ is now known as ErichG 04:49 -!- Tsunami1|phone [Tsunami1@unaffiliated/tsunami1] has joined #openvpn 04:49 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has joined #openvpn 04:50 -!- mah454 [~mah454@95.82.59.250] has joined #openvpn 04:50 < mah454> Hello 04:50 < mah454> I need openvpn web interface 04:50 -!- Tsunami1|phone [Tsunami1@unaffiliated/tsunami1] has left #openvpn [] 05:13 <+havoc> gah, "Options error: Maximum length of --push buffer (1024) has been exceeded" :( 05:13 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 05:13 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 05:13 -!- 
noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 05:15 -!- aegidos [~admin@tmo-097-58.customers.d1-online.com] has joined #openvpn 05:15 -!- aegidos [~admin@tmo-097-58.customers.d1-online.com] has quit [Remote host closed the connection] 05:16 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 05:26 -!- lolwut [~KindOne@colchester-lug/silly-fool/donut] has joined #openvpn 05:27 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has quit [Disconnected by services] 05:27 -!- lolwut is now known as KindOne 05:29 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via] 05:30 <@dazo> havoc: which version are you on? 05:31 <+havoc> old I think, on debian, checking.... 05:31 <+havoc> 2.1~rc11-1 05:31 <+havoc> I'm consolidating the pushed subnets though 05:31 <+havoc> I understand that there has to be a limit 05:32 <@dazo> ouch .... I believe the final 2.1 releases will split longer pushes into several pushes 05:32 <+havoc> dazo: ah, nice 05:32 <@dazo> I think 2.1_rc11 is too old for that feature 05:32 <@dazo> just upgrade to the latest 2.2.2 release ;-) 05:32 <+havoc> I will be upgrading to 2.1.3-2 when I get off my ass and upgrade this machine to squeeze 05:34 <@dazo> havoc: you know 2.1 releases are not supported any more? ... and security/bugfixes needs to be backported by the debian package maintainer - if he have time for that 05:34 <+havoc> yup 05:34 <+havoc> which is why I'm just dealing witht he 1024 limit 05:34 <@dazo> :) 05:34 <+havoc> this machine desperately needs to be upgrade, I just need time :( 05:35 <@dazo> If I were you, I'd just compile the latest openvpn ... and replace the binary ... openvpn isn't file system intrusive at all ... it's the binary and the man page, basically 05:36 <+havoc> ah, nice 05:36 <+havoc> could also easily checkinstall it then too 05:36 <@dazo> (the rest of the files are mostly distro dependent - which can reside on the box) 05:36 <@dazo> not sure what checkinstall is .... 
but probably :-P 05:36 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Read error: Connection timed out] 05:37 <+havoc> ./configure && make && checkinstall 05:37 <+havoc> debian thing, basically converts to a .deb and installs so that it's in dpkg 05:37 <@dazo> ahh! 05:37 <+havoc> very handy for maintaining source stuff 05:37 <@dazo> even nicer :) 05:38 <+havoc> yup 05:38 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 05:38 <+havoc> but it's really only useful for stuff without a billion deps 05:38 <@dazo> yeah 05:38 < helllen> helllo again 05:39 < helllen> I am on the system now 05:39 < helllen> I would like to clone one installed system because it is now broken the filesystem 05:39 < helllen> and we are going to reinstall it again 05:39 <+havoc> dazo: I maintain dirs for src built stuff on my debian boxes w/ a text file containing the ./configure line I used 05:40 < helllen> the problem is I have served the certs to the clients and I would like to reuse them 05:40 < helllen> what should I do? 05:41 <@dazo> matsim: You are partially correct that changing host name may cause issues ... but that depends on if --tls-remote is used ... this will make the client check that the servers CN value matches the value provided to --tls-remote 05:41 <@dazo> helllen: do you know how PKI works in general? 05:42 < helllen> more less 05:42 <@dazo> helllen: so the answer is the same as last time ... if the CA certificate is the same, and the servers certificate is the same on your new box ... it will just work .... 05:43 < helllen> do I have to copy anything from the server with problems to the new server? 05:43 <@dazo> helllen: and the openvpn *only* needs the proper CA certificate, server certificate and server key ... if you have that ... then no problem 05:43 < helllen> where is the CA certificate located? 05:43 <@dazo> If the server key/certificate is corrupted .... create a new one, with the same CN as the old certificate .... 
and it will work 05:44 <@dazo> helllen: what does the 'ca' statement say in your openvpn config? 05:44 < helllen> I will check it 05:44 < helllen> as.conf ?? 05:45 <@dazo> helllen: are you using openvpn access server? 05:45 < helllen> yes 05:45 < helllen> with license 05:45 <@dazo> !as 05:45 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 05:46 <@dazo> we don't know much about the Access Server here .... the only thing AS uses from the community version is the openvpn binary ... that's all we know here 05:50 -!- voidzero [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 05:50 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 05:50 -!- voidzero is now known as vocis 05:53 <+havoc> dazo: we have a site-to-site via our office to another corp, and they have 14 different /25, /26, & /27's :( 05:54 <+havoc> for now I just threw them all in 172.22.0.0/16 05:54 <+havoc> less than ideal, but it'll work for now 05:56 <@dazo> mm 06:03 -!- aegidos_ [~admin@tmo-097-58.customers.d1-online.com] has joined #openvpn 06:06 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 06:06 -!- aegidos_ is now known as aegidos 06:09 -!- aegidos [~admin@tmo-097-58.customers.d1-online.com] has quit [Read error: Connection reset by peer] 06:13 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 06:14 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 06:21 -!- sibok [~developer@76.Red-213-98-136.staticIP.rima-tde.net] has joined #openvpn 06:21 < sibok> Hi, could someone tell me of a good resource to configure an vpn client under linux? thx :) 06:23 <@dazo> !howto 06:23 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 06:23 <@dazo> sibok: ^^^ 06:26 <@vpnHelper> RSS Update - forum: unable redirect default gateway 06:32 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has quit [Excess Flood] 06:35 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has joined #openvpn 06:44 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 06:50 <@vpnHelper> RSS Update - forum: Unknown issue only with Linux client 06:53 -!- Undeadlord [~undead@8.10.252.240] has joined #openvpn 06:56 <+havoc> gah, still need to convert everything to tun too 06:57 < Undeadlord> Morning all, is there a way to add local routes to a purchased (I don't have control of he server config) VPN connection? 07:01 <+EugeneKay> Define "local routes" 07:02 <+EugeneKay> Route on your client to arbitrary set of addresses? Sure. Route on the server to your LAN? No. 07:04 < Undeadlord> Sorry, I am usingthe VPN on a machine that is seprate from my main laptop. I use a piece of software to allowme to use one keyboard and mouse to control both systems, when using the VPN I lose the ability to move from one machine to another. So I was wondering if I could have OpenVPN add the local client side LAN. 
07:05 < Undeadlord> So it sounds like what I waned wouldn't work, unless I could have openvpn ignore the local LAN adreses for routing through the VPN 07:06 -!- mah454 [~mah454@95.82.59.250] has quit [Ping timeout: 240 seconds] 07:09 -!- mah454 [~mah454@95.82.59.250] has joined #openvpn 07:24 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 07:24 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 07:29 < Undeadlord> ah I think I got it :) 07:31 -!- mah454 [~mah454@95.82.59.250] has quit [Quit: Leaving] 07:31 -!- Undeadlord [~undead@8.10.252.240] has quit [] 07:32 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 07:32 < sibok> dazo: thx! 07:33 -!- Undeadlord [~undead@62.212.73.103] has joined #openvpn 07:34 -!- sibok [~developer@76.Red-213-98-136.staticIP.rima-tde.net] has quit [Remote host closed the connection] 07:38 <@vpnHelper> RSS Update - forum: Windows 7 Client question 07:38 -!- pa [~pa@unaffiliated/pa] has joined #openvpn 07:44 <@vpnHelper> RSS Update - forum: Wrong routes set to the client 07:48 -!- Undeadlord [~undead@62.212.73.103] has quit [] 07:48 -!- converge [~converge@unaffiliated/joaop] has joined #openvpn 07:49 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 07:53 -!- bragon [~Alexandre@81.93.247.165] has quit [Ping timeout: 276 seconds] 07:55 -!- bragon [~Alexandre@81.93.247.165] has joined #openvpn 07:59 -!- fluter [~fluter@fedora/fluter] has quit [Read error: Connection reset by peer] 08:02 <@vpnHelper> RSS Update - forum: Windows 7 as OpenVPN server with redirect-gateway 08:03 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 08:11 -!- sled-dog [~luser@65-124-95-55.dia.static.qwest.net] has quit [Remote host closed the connection] 08:12 -!- converge [~converge@unaffiliated/joaop] has quit [Quit: Linkinus - http://linkinus.com] 08:15 -!- bragon [~Alexandre@81.93.247.165] has quit [Ping timeout: 240 seconds] 08:16 -!- bragon 
[~Alexandre@81.93.247.165] has joined #openvpn 08:32 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 08:34 < hyper_ch> krzee: http://www.theregister.co.uk/2012/01/04/german_cloud_ceiling/ 08:34 <@vpnHelper> Title: Germans increase office efficiency with 'cloud ceiling' • The Register (at www.theregister.co.uk) 08:41 -!- helllen [~helllen@91.102.241.62] has left #openvpn ["Saliendo"] 08:44 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn 08:46 -!- fluter [~fluter@fedora/fluter] has quit [Quit: Leaving] 08:55 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Ping timeout: 240 seconds] 08:56 -!- kbarry [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has joined #openvpn 08:57 < kbarry> I went home last night after setting up OpenVPN on DD-WRT router here at work. Tested connection (brought my key files with me) it connected. But once connected i couldnt ping anything behind the router. 09:00 < kbarry> Maybe i am missing soemthing i'd know about if i weren't a newb. I read something about routes. I was using my laptop at home as a client to the router running openVPN/DD-WRT and I couldn't get ping anything. I got an IP assigned from the virtual adapter, but i couldnt access anything. What am i missing? 09:08 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has joined #openvpn 09:09 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer] 09:09 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 268 seconds] 09:18 <@ecrist> !route 09:18 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 09:18 <@ecrist> kbarry ^^^ 09:18 < dioz> i doubt it's route 09:18 < dioz> he said something about not having a gateway 09:19 <@ecrist> a gateway is very specifically about missing routes. 
;) 09:22 < dioz> well yeah i know 09:22 < dioz> but 09:22 < dioz> split hairs! 09:22 <@ecrist> and, in his text above, he doesn't even use the word gateway 09:23 <@ecrist> I know he was her yesterday, but I don't review former conversations if I'm here now. 09:24 < dioz> kbarry: your gateway would provide a lease on a ip to the machine joining the vpn 09:24 <@ecrist> it would? 09:24 < dioz> with that information it would provide gateway/dns/routes 09:24 < dioz> i would speculate on his router setup 09:26 < kbarry> Thanks for the help. I have read that twice. 09:26 <@ecrist> we try to keep the speculation down 09:26 < kbarry> I have a pastebin of my config 09:27 <@ecrist> can I see it, please? 09:27 < kbarry> http://pastebin.com/HadzuR14 09:27 <@ecrist> also 09:27 <@ecrist> !logs 09:27 <+EugeneKay> xD 09:27 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 09:28 <@ecrist> dioz: looking at his configs, your speculation is dead-wrong 09:28 < kbarry> i "think" what i need is 09:28 < kbarry> to add a route 09:28 < dioz> *shrug* 09:28 <@ecrist> kbarry: client config, as well, please 09:29 <@ecrist> and the logs from BOTH sides 09:29 < kbarry> http://pastebin.com/dGkXh95a 09:29 < dioz> yesterday he didn't post his server config ecrist 09:30 < kbarry> hahahaha, ok, let me get those (Thanks for the help 09:30 < kbarry> http://pastebin.com/uBDwGMqe 09:31 < kbarry> I don't know exactly how to get the server logs (off the router) let me look. 09:31 <@ecrist> also, verb 4 please for the logs 09:31 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 09:31 <@ecrist> I assume the routing table at the top of your paste is on the server? 09:32 < kbarry> yes. i'll properly label it. About to pastebin again, found server logs. 09:32 <@ecrist> just to clear this up in my head, then, I think I see your problem. 
09:33 < kbarry> http://pastebin.com/bYJG7Msp 09:33 <@ecrist> your server lan is 10.0/24, your VPN is 192.168.2.0/24 09:33 <@ecrist> and you want the VPN to communicate with the server lan, correct? and you're using bridged-mode VPN? 09:35 < kbarry> Yes, i want to be on my laptop at home (Client), and be able to ping/remote a server that is on the LAN 09:35 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 09:35 < kbarry> I don't know if its in bridge mode. I drive on bridges with my car........ 09:35 < kbarry> (a joke about how little i know about bridges :) 09:36 <@ecrist> I would suggest changing the server-bridge line to the following, then 09:37 < kbarry> The server config, i pasted it from a tutorial i found. 09:37 <@ecrist> server-bridge 10.0.0.X 255.255.255.0 10.0.0.225 10.0.0.249 09:37 < kbarry> (meaning i have no idea what each line of the config actally does.) 09:38 <@ecrist> change X to the IP of your server's lan interface 09:39 <@ecrist> then you need to bridge tap0 with your ethernet interface on the VPN server 09:40 <@ecrist> alternatively, you can use server-bridge "nogw" and your LAN dhcp server will pass out IP information, but won't pass the gateway 09:41 -!- prg3 [~prg3@chatter.majestik.org] has joined #openvpn 09:41 <@ecrist> the bridging of tap0 and eth0 on the vpn server still needs to occur though 09:43 -!- rooth [rooth@ge.mig.en.redfox.nu] has quit [Ping timeout: 244 seconds] 09:44 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn 09:44 -!- rooth [rooth@ge.mig.en.redfox.nu] has joined #openvpn 09:47 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 09:49 < kbarry> ok i added the change. Do i need to have a "route xxxxxxxxxx" line in the config? I just want all clients to have access to the whole lan behind the server 09:49 < kbarry> THANK YOU so much for taking time to deal with me. 09:49 < pwrcycle> kbarry you'll need to add client-to-client in the server config then. 
09:50 <@ecrist> kbarry: no, you don't
09:51 <@ecrist> but add client-to-client like pwrcycle said
09:51 <@ecrist> that way VPN clients can talk to each other.
09:51 < prg3> Is OpenVPN a reasonable option for large site to site connections? I'm using it for remote user to server connections and it works like a charm
09:52 < hyper_ch> define large site to site connections
09:54 <@ecrist> prg3: I tend to defer to IPSec for static tunnels for large clients
09:54 <@ecrist> but we use openvpn internally
09:55 < prg3> ecrist: I was using Ipsec between, but the way that OpenBSD's ipsec dealt with routing was annoying me.. I've cutover to GRE with IPSEC tunnels, however that's causing me weird troubles.
09:56 <@ecrist> use cisco
09:58 < pwrcycle> prg3 your prob. with tunnel in tunnel could have been the MTU size but this isn't either of those channels.
10:00 < prg3> ecrist: No budget for real gear..
10:00 < prg3> pwrcycle: I just dropped it to 1200..
10:01 <@ecrist> you can get an 1841 on ebay for about $250
10:01 <@ecrist> regardless, you should be able to use openvpn without a problem.
10:02 <@ecrist> !mtu
10:02 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting
10:03 < prg3> I think dropping the GRE mtu actually might have solved the problem… but I might still look at using OpenVPN for the site to site if this thing gives me any more trouble.
10:04 <@ecrist> use the debug guide above, written by _quadDamage
10:04 <@ecrist> it's thorough.
10:05 < pwrcycle> prg3 cool
10:07 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn
10:07 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host]
10:07 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
10:16 < kbarry> ecrist: " the bridging of tap0 and eth0 on the vpn server still needs to occur though" what is this?>?
10:16 < kbarry> Got called away from my desk, catching up.
10:22 <@ecrist> what are you using for a VPN server?
10:22 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving]
10:23 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Read error: Connection timed out]
10:24 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn
10:36 -!- Duryodhan [~Duryodhan@117.224.165.55] has joined #openvpn
10:44 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection]
10:48 -!- xsteadfastx [~mpreuss@ppp-93-104-143-30.dynamic.mnet-online.de] has joined #openvpn
10:48 <@vpnHelper> RSS Update - forum: New Site-to-Site Tunnel With Partial Connectivity
11:03 < kbarry> ecrist: Buffalo WHR-G54S running DD-WRT (with the built in openVPN)
11:05 <@ecrist> you'll have to ask the DD-WRT people how to bridge tap0 and eth0
11:05 <@dazo> kbarry: any particular reason you chose dd-wrt?
11:05 <@ecrist> also, I'd suggest making tap0 a static interface and keep the bridge static, as well
11:05 < kbarry> dazo: there was a Tutorial for it?
11:05 <@dazo> kbarry: I wouldn't trust dd-wrt ... they have a not too good approach to security issues ...
11:06 < kbarry> i'm just wanting clients to have access to the entire lan that the server is on.
11:06 < kbarry> what would you trust?
11:07 < kbarry> Not that loss of data is the only risk from less than secure security, but its not a big concern right now. We don't have information on the lan that's sensitive,
11:07 < kbarry> having our computers hacked would suck of course
11:07 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
11:07 < kbarry> but there are only 5 employees, and right now i'm mainly just interested in getting it up in "any" form.
11:08 < kbarry> i mean, i can connect to the VPN, but i can't ping anything. I want to be able to remote desktop into a computer thats on the lan with the server (The router is the server)
11:09 <@dazo> kbarry: there's a little project called littleblackbox ... which has all ssh keys for dd-wrt releases .... which can be used to decrypt ssh traffic ... and the dd-wrt team don't see that as a problem for example
11:10 <@dazo> kbarry: it was also noticed that in one of their releases it was some hard coded iptables rules, with specific IP addresses granted access to the dd-wrt box ... and dd-wrt team didn't find it important enough to inform their users about it
11:11 < kbarry> I appreciate the security concerns. I don't think i know enough to make an informed decision. I can't even ping across my VPN yet....
11:12 <@dazo> kbarry: dd-wrt is probably fine if you do a full review of the running code in dd-wrt ... but these issues are one of my main reasons to ditch it and use openwrt instead
11:12 -!- Duryodhan_ [Duryodhan@2002:75e1:baeb::75e1:baeb] has joined #openvpn
11:13 < kbarry> i'm just trying to get my vpn working in any form. A non functioning VPN is the best form of security :)
11:15 -!- Duryodhan [~Duryodhan@117.224.165.55] has quit [Read error: Connection reset by peer]
11:15 < kbarry> have to step out for a project. bbl
11:17 -!- jkyle [~krunk-@unaffiliated/krunk-] has joined #openvpn
11:19 <@dazo> kbarry: a non-functioning router is the best form of security ... if you can access the router from the outside via ssh (or http/https), you're vulnerable instantly again
11:19 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Read error: Connection reset by peer]
11:19 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has joined #openvpn
11:22 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
11:28 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds]
11:29 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn
11:35 <@vpnHelper> RSS Update - forum: [Help] Problem To Connect to the Server
11:42 < vlt> Hello. I had to install OpenVPN on a windows machine. When I set it up it worked quite well. But now in production use I can't access the client and vice versa. Although it seems to establish a connection just fine I can't send pings or any other packets. I have a quite large "verb 9" logfile here: http://pastebin.com/2Pd6nDHS Can anyone see what might cause the problem here?
11:47 -!- Duryodhan_ [Duryodhan@2002:75e1:baeb::75e1:baeb] has quit [Quit: Leaving]
11:53 <@vpnHelper> RSS Update - forum: Using web hosting account for VPN tunnel
11:53 < dioz> vlt: odds are we'll need your conf files (client and server) and any logs/debug (verbose 4) you can provide
11:53 < dioz> in order to be ANY help at all
11:54 < dioz> and don't paste them here use pastebin and link the url
11:56 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
11:57 < vlt> dioz: Ok, thanks. I'll find some verbose 4 logs and conf files ...
11:59 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn
11:59 <@vpnHelper> RSS Update - forum: Can connect, but nothing routing...
12:11 <@ecrist> kbarry: I told you what to do to get it working...
12:21 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
12:23 <@vpnHelper> RSS Update - forum: Layer 2 bridging not working
12:23 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds]
12:49 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 248 seconds]
12:50 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
12:54 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn
12:55 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 255 seconds]
12:58 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection]
12:59 -!- cp [~chirayu@matrix.openvpn.org] has joined #openvpn
12:59 -!- cp is now known as patelx
13:02 -!- patelx [~chirayu@matrix.openvpn.org] has quit [Changing host]
13:02 -!- patelx [~chirayu@openvpn/corp/admin/patel] has joined #openvpn
13:14 -!- APTX_ [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
13:14 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
13:16 -!- aegidos [~admin@p54B5AA44.dip.t-dialin.net] has quit [Quit: aegidos]
13:19 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
13:19 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
13:32 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 255 seconds]
13:32 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
13:32 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
13:35 <+havoc> to convert to tun now, or later?
13:35 * havoc is slackin
13:43 <+havoc> just have to remember to use --topology subnet
13:47 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has quit [Read error: Operation timed out]
13:47 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has joined #openvpn
13:53 -!- Roadblock_RVA [~Roadblock@office.neteasyinc.com] has joined #openvpn
13:54 < Roadblock_RVA> !welcome
13:54 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:55 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn
13:55 -!- APTX_ [APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
13:55 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn
13:55 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 240 seconds]
13:58 -!- dazo is now known as dazo_afk
14:09 < Roadblock_RVA> client-server setup failing with "bad source address from client [] packet dropped"
14:10 < Roadblock_RVA> Pastebin is here: http://pastebin.com/CZrQSeza
14:10 < Roadblock_RVA> From everything I've seen and understand this should be working, but I'm doubtless overlooking something simple
14:11 < Roadblock_RVA> Server is centos 5.7 and client is vyatta 6.3
14:25 < kbarry> ecrist: earlier you said i have have the LAN DHCP give ip leases, but it won't pass the gateway, what do you mean it won't pass the gateway? What advantages are there to using the dhcp of the lan for vpn connections?
14:27 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds]
14:28 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
14:31 <+havoc> kbarry: I would think the only disadvantage would be that it's an additional dependency
14:31 <+havoc> I use LAN DHCP for my OVPN clients
14:31 <+havoc> and a dhcp-relay
14:32 <+havoc> you need a dhcp-relay in a routed environment; don't need it if it's a bridged environment
14:32 <+havoc> also don't need it if the ovpn server and dhcp server are the same machine
14:33 < kbarry> havoc: this is my first day dealing with bridges :) Still trying to figure out exactly how i need to do thing. ecrist was helping me earlier, but i fear i might be just a little lost still.
14:34 <+havoc> bridging can seem simpler but it has more deps
14:34 < kbarry> i don't know what a dhcp relay is, I started the day with a vpn server i setup yesterday, i could get connected last night from home, but i couldnt ping anything.
14:34 <+havoc> rather very specific things have to happen in the exact correct order or it will all fail
14:35 < kbarry> i think if i understood what was being told to me, i am getting connected, but the communications thru the vpn aren't getting connected to the right channel to actually access the lan.
14:35 < kbarry> he mentioned bridging two interfaces
14:35 -!- BustyLoli-Chan [~BustyLoli@24.111.195.1] has joined #openvpn
14:35 <+havoc> yes
14:36 < BustyLoli-Chan> would you squeeze until I cried? o.o
14:36 < BustyLoli-Chan> oh :O
14:36 < BustyLoli-Chan> btw
14:36 < BustyLoli-Chan> I MANAGED TO DO ALL THAT I NEEDED WITH THE WINDOWS ROUTING TABLE
14:36 < kbarry> ecrist then you need to bridge tap0 with your ethernet interface on the VPN server
14:36 < kbarry> ecrist alternatively, you can use server-bridge "nogw" and your LAN dhcp server will pass out IP information, but won't pass the gateway
14:36 < BustyLoli-Chan> WITHOUT YOUR SHITTY LACK OF SUPPORT
14:36 < kbarry> -->| prg3 (~prg3@chatter.majestik.org) has joined #openvpn
14:36 < kbarry> ecrist the bridging of tap0 and eth0 on the vpn server still needs to occur though
14:37 < BustyLoli-Chan> AND WITHOUT YOUR SHITTY SOFTWARE
14:37 < BustyLoli-Chan> THAT IS SO FUCKING COMPLICATED TO USE IT'S A FUCKING JOKE
14:37 < BustyLoli-Chan> anyway yeah :3
14:37 -!- BustyLoli-Chan [~BustyLoli@24.111.195.1] has quit [Client Quit]
14:38 <+havoc> kbarry: yeah, you need a br0 or something
14:39 <@ecrist> heh
14:39 <@ecrist> BustyLoli-Chan thinks we give a shit.
14:39 <@ecrist> that's cute.
14:40 <+havoc> kbarry: this is how I did it, when I did it: http://pastebin.com/fgscBgmS
14:40 <+havoc> that's from /etc/network/interfaces on debian
14:40 <+havoc> ecrist: yeah, not a happy person
14:41 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Quit: Leaving.]
14:42 < jkyle> openstack's pretty new, growing pains I guess. docs are here and there
14:58 -!- patelx [~chirayu@openvpn/corp/admin/patel] has quit [Quit: patelx]
14:59 -!- cp [~chirayu@64.125.181.73] has joined #openvpn
14:59 -!- cp_ [~chirayu@matrix.openvpn.org] has joined #openvpn
15:00 -!- cp_ [~chirayu@matrix.openvpn.org] has quit [Client Quit]
15:03 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
15:03 -!- cp [~chirayu@64.125.181.73] has quit [Ping timeout: 240 seconds]
15:09 -!- kyrix [~ashley@chello084112114196.33.11.vie.surfer.at] has joined #openvpn
15:09 -!- kyrix_ [~ashley@chello084112114196.33.11.vie.surfer.at] has joined #openvpn
15:10 -!- kyrix_ [~ashley@chello084112114196.33.11.vie.surfer.at] has quit [Read error: Connection reset by peer]
15:12 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
15:12 -!- APTX_ [APTX@unaffiliated/aptx] has quit [Ping timeout: 260 seconds]
15:21 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
15:22 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
15:29 -!- [1]SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has joined #openvpn
15:30 -!- SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has quit [Ping timeout: 240 seconds]
15:32 -!- SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has joined #openvpn
15:34 -!- [1]SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has quit [Ping timeout: 252 seconds]
15:50 < kbarry> havoc: mind giving me a bit of a walkthrough that link you sent?
15:50 <+havoc> it's one way to set up a bridge in linux
15:50 <+havoc> a bridge device is like an ethernet device
15:51 <+havoc> br instead of eth or tap or tun
15:51 <+havoc> it consists of 2 or more network interfaces, in this case tap0 and eth0
15:52 <+havoc> the tricky bit is that in the case of a vpn one of the ifaces is virtual
15:52 <+havoc> this means that you must make sure it is up before br0 can be created
15:53 <+havoc> once created you would route/firewall traffic via br0 rather than via eth0 or tap0
15:54 <+havoc> ecrist: I've been thinking about going back to a bridged setup
15:55 <+havoc> a hybrid bridge that is; tun0 + tun1 = br0 where tun0 is udp:1194 and tun1 is tcp:443
15:57 -!- Roadblock_RVA [~Roadblock@office.neteasyinc.com] has quit [Quit: Leaving]
15:58 < kbarry> havoc this instruction from ecrist is still confusing me.: "alternatively, you can use server-bridge "nogw" and your LAN dhcp server will pass out IP information, but won't pass the gateway...the bridging of tap0 and eth0 on the vpn server still needs to occur though"
15:58 < kbarry> the bridging of tap- and eth0...
15:59 <+havoc> I don't know what he meant either
16:00 < kbarry> i'm trying to have clients connect to the server (a router running dd-wrt and openvpn) and the client be able to "see" the lan that the router is on(and handling dhcp for)
16:00 < kbarry> sounds like you set it up so the vpn clients get ip leases from the lan's dhcp?
16:00 <+havoc> yes
16:01 <+havoc> and my bridge method would work for you, assuming eth0 is your internal (lan) iface
16:01 <+havoc> and no need for a dhcp relay since ovpn and dhcp are on same device
16:02 <+havoc> *or* you could use your existing configs and add some routes and enable ip forwarding
16:03 < kbarry> on my router there is a "bridging" area, and under current bridging table it says
16:03 < kbarry> interfaces vlan0 eth1
16:04 <+havoc> unless one of those is the interface openvpn creates it won't work
16:05 < kbarry> ....
16:05 < kbarry> Maybe i need to start again tomorrow.
16:06 < kbarry> I don't know enough to effectively help myself.
16:06 < kbarry> :)
16:06 <+havoc> spend the night researching/reading up on networking
16:06 <+havoc> wikipedia is a good start
16:07 <+havoc> there is a *lot* to know, and it's counter-productive to think you can start from nothing in no time
16:07 <+havoc> seems like you may have a good start though
16:11 < kbarry> :)
16:12 < kbarry> I am familiar with networking to some degree. This is a bit advanced for me. Trying to avoid the learning curve because i hope that this would be a one time event.
16:12 < kbarry> and fairly standard application
16:12 <+havoc> ha, there's nothing "standard" about a vpn, any vpn
16:13 <+havoc> or any network infrastructure for that matter
16:17 < kbarry> well, getting a single client connected to the server which is also the router, and give the client access to the lan... baffling.
16:20 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn
16:26 -!- kbarry [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has quit [Ping timeout: 252 seconds]
16:29 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
16:31 -!- kbarry [~chatzilla@rrcs-24-153-167-49.sw.biz.rr.com] has joined #openvpn
16:39 -!- kbarry_ [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has joined #openvpn
16:39 <@vpnHelper> RSS Update - forum: Please Help- Login Window issues on Windows 7 64bit
16:40 -!- kbarry_ [~chatzilla@rrcs-24-153-167-50.sw.biz.rr.com] has quit [Client Quit]
16:40 -!- kbarry [~chatzilla@rrcs-24-153-167-49.sw.biz.rr.com] has quit [Ping timeout: 248 seconds]
16:45 -!- kyrix [~ashley@chello084112114196.33.11.vie.surfer.at] has quit [Remote host closed the connection]
16:52 -!- y_nk [5d13093b@gateway/web/freenode/ip.93.19.9.59] has joined #openvpn
16:52 < y_nk> hello
16:53 < y_nk> i'm looking for some support on openvpn
16:54 < y_nk> i get an error from my openvpn daemon, and i don't know what could be the issue
16:54 < y_nk> the error says it cant read the dh pem file
16:54 < y_nk> but i used the easy-rsa scripts with my windows computer
16:54 < y_nk> (3 times tbh)
16:57 < y_nk> i cant find the version of openvpn installed on my router
16:58 < y_nk> and i think it could be due to different versions between the scripts and the daemon
16:58 < y_nk> does anyone know something related to something similar ?
17:04 <@vpnHelper> RSS Update - forum: Please Help- Login Window issues on Windows 7 64bit
17:06 < krzee> !path
17:06 <@vpnHelper> "path" is It is a good idea to use full paths in your config.
17:07 < krzee> !winpath
17:07 <@vpnHelper> "winpath" is (#1) Remember on Windows to quote pathnames and use double backslashes, e.g.: "C:\\Program Files\\OpenVPN\\config\\foo.key" or (#2) also, you can use forward slashes to avoid needing double backslashes, but you still need quotes, e.g.: C:/Program Files/OpenVPN/config/foo.key (but surrounded by quotes)
17:07 < krzee> it not being able to read a local file has nothing to do with openvpn version
17:07 -!- y_nk [5d13093b@gateway/web/freenode/ip.93.19.9.59] has quit [Ping timeout: 258 seconds]
17:07 < krzee> OR THAT
17:16 <@vpnHelper> RSS Update - forum: my wish
17:17 -!- voidzero [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
17:20 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 260 seconds]
17:20 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer]
17:20 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds]
17:21 -!- voidzero is now known as vocis
17:22 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
17:27 -!- Denial [Denial@drgi.co.uk] has quit []
17:37 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
17:37 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
17:43 -!- jkyle [~krunk-@unaffiliated/krunk-] has quit [Ping timeout: 240 seconds]
17:46 <@vpnHelper> RSS Update - forum: breaking up Class C into four subnets
17:48 -!- Roadblock_RVA [~Ragansi@pool-173-53-37-34.rcmdva.fios.verizon.net] has joined #openvpn
17:57 -!- ErichG_ [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
17:57 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
17:57 -!- ErichG_ is now known as ErichG
18:00 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn
18:01 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 252 seconds]
18:05 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
18:06 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
18:06 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
18:07 -!- Harley [~Harley@182.149.72.25] has joined #openvpn
18:10 < NetSkay> hey guys
18:10 -!- Harley [~Harley@182.149.72.25] has quit [Remote host closed the connection]
18:11 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has quit [Remote host closed the connection]
18:11 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
18:14 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has quit [Remote host closed the connection]
18:14 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
18:14 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has quit [Client Quit]
18:14 -!- Kateon [482392@xs8.xs4all.nl] has quit [Ping timeout: 240 seconds]
18:21 -!- Kateon [482392@xs8.xs4all.nl] has joined #openvpn
18:22 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
18:23 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has quit [Remote host closed the connection]
18:29 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
18:29 -!- NetSkay [~quassel@c-71-207-130-87.hsd1.va.comcast.net] has quit [Remote host closed the connection]
18:47 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
19:05 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
19:07 -!- _julian_ [~quassel@hmbg-5f761fad.pool.mediaWays.net] has joined #openvpn
19:08 -!- _julian [~quassel@hmbg-5f767116.pool.mediaWays.net] has quit [Read error: Operation timed out]
19:19 -!- jkyle [~krunk-@unaffiliated/krunk-] has joined #openvpn
19:42 -!- jkyle [~krunk-@unaffiliated/krunk-] has quit [Ping timeout: 276 seconds]
20:08 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
20:32 -!- jkyle [~krunk-@unaffiliated/krunk-] has joined #openvpn
20:41 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
20:50 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn
20:58 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 252 seconds]
20:59 -!- qiyong [~qiyong@60.23.248.82] has joined #openvpn
21:00 -!- qiyong [~qiyong@60.23.248.82] has quit [Client Quit]
21:05 -!- jkyle [~krunk-@unaffiliated/krunk-] has quit [Quit: Lost terminal]
21:07 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
21:20 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
21:37 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn
21:37 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host]
21:37 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
21:47 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has quit [Read error: Operation timed out]
21:48 -!- CharlieSheen [~KindOne@colchester-lug/silly-fool/donut] has joined #openvpn
21:48 -!- CharlieSheen is now known as KindOne
22:07 -!- iDiytto [~diytto@96.18.141.120] has joined #openvpn
22:12 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds]
22:15 -!- Rahail-m [~irC@c-71-238-240-241.hsd1.mi.comcast.net] has joined #openvpn
22:16 < Rahail-m> hi
22:16 < Rahail-m> !welcome
22:16 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
22:16 < Rahail-m> !goal
22:16 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
22:17 < Rahail-m> !lan
22:17 < Rahail-m> !route
22:17 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
22:18 < Rahail-m> any one can help me configuring vpn
22:18 < Rahail-m> please let me know
22:18 < krzie> !ask
22:18 <@vpnHelper> "ask" is (#1) don't ask to ask, just ask your question please or (#2) http://www.latinsud.com/answer/ or (#3) http://www.catb.org/~esr/faqs/smart-questions.html to learn how to get help
22:19 < krzie> oh and more importantly:
22:19 < krzie> !goal
22:19 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
22:19 < Rahail-m> :)
22:19 < Rahail-m> i try didnt work not that exprince yet
22:29 -!- iDiytto [~diytto@96.18.141.120] has quit [Quit: Colloquy crashed.]
22:58 <@vpnHelper> RSS Update - forum: OpenVPN routing fails, but only sometimes. (windows client)
23:00 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
23:18 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- IRC with a difference]
23:20 -!- Rahail-m [~irC@c-71-238-240-241.hsd1.mi.comcast.net] has quit []
23:23 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn
23:29 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn
23:29 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
23:33 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
23:36 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
23:36 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
23:37 -!- ErichG_ [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
23:37 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
23:37 -!- ErichG_ is now known as ErichG
23:52 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 252 seconds]
--- Day changed Thu Jan 05 2012
00:13 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn
00:13 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host]
00:13 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn
00:17 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro]
00:20 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
00:22 -!- modsiw [~modsiw@c-69-254-97-12.hsd1.tn.comcast.net] has joined #openvpn
00:23 < modsiw> can someone point me to directions to make a tap in linux?
00:23 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has joined #openvpn
00:23 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has quit [Changing host]
00:23 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn
00:24 < hyper_ch> modsiw: why do you want to use tap?
00:25 < modsiw> to create bridge
00:25 < hyper_ch> !goal
00:25 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
00:27 < modsiw> trying to get a media center extender to work from one lan to another
00:27 < hyper_ch> !bridge
00:27 <@vpnHelper> "bridge" is (#1) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html for the doc or (#2) http://openvpn.net/index.php/documentation/faq.html#bridge1 for info from the FAQ or (#3) also see !tunortap and !layer2 and read --server-bridge in the manual (!man)
00:27 < hyper_ch> !tunortap
00:27 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over
00:27 <@vpnHelper> the vpn or (#4) lan gaming? use tap!
00:31 < modsiw> !wins
00:31 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
00:49 -!- scampbell [~scampbell@mail.scampbell.net] has quit [Quit: Ex-Chat]
00:55 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn
00:59 -!- Duryodhan [~Duryodhan@14.139.58.194] has joined #openvpn
01:01 < Duryodhan> have anyone used Endian firewall
01:03 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
01:04 < Duryodhan> hello
01:04 < Duryodhan> anyone have used endian firewall ..??
01:05 < krzie> no, do you have an openvpn question instead?
01:10 -!- Yaph-ar-ti is now known as beerbro
01:14 < hyper_ch> hi krzie
01:14 < krzie> hey hyper_ch
01:15 < hyper_ch> krzie: I did order myself some expensive gear
01:16 < krzie> o ya?
01:16 < krzie> need my shipping address?
01:16 < krzie> ;]
01:16 -!- Duryodhan [~Duryodhan@14.139.58.194] has quit [Remote host closed the connection]
01:16 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Read error: No route to host]
01:16 < hyper_ch> krzie: :) a treadmill desk
01:16 < hyper_ch> I should get it in about 3 weeks
01:16 < krzie> haha
01:17 < hyper_ch> well, electric height adjustable desk with 200x100 cm
01:17 < hyper_ch> can lift about 200kg
01:17 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn
01:18 < hyper_ch> plus a treadmill aimed at slow speed of 0.5 - 2 mph
01:21 -!- aegidos_ [~admin@tmo-103-90.customers.d1-online.com] has joined #openvpn
01:21 <@vpnHelper> RSS Update - forum: Multiple internet connection using iptables
01:23 -!- aegidos_ [~admin@tmo-103-90.customers.d1-online.com] has quit [Read error: Connection reset by peer]
01:24 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Ping timeout: 240 seconds]
01:34 <@vpnHelper> RSS Update - forum: [Help] Problem To Connect to the Server
01:38 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro]
01:52 <@vpnHelper> RSS Update - forum: Wrong routes set to the client
02:04 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn
02:14 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
02:27 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds]
02:27 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
02:48 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has quit [Remote host closed the connection]
02:48 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has joined #openvpn
03:02 -!- chantra [~chantra@ns353511.ovh.net] has quit [Ping timeout: 255 seconds]
03:02 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn
03:08 -!- Duryodhan [~Duryodhan@14.139.58.194] has joined #openvpn
03:22 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving]
03:34 <@vpnHelper> RSS Update - forum: Ubuntu 11.10 TUN help
03:36 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds]
03:41 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Remote host closed the connection]
03:45 -!- aegidos [~admin@tmo-102-3.customers.d1-online.com] has joined #openvpn
03:45 -!- aegidos [~admin@tmo-102-3.customers.d1-online.com] has quit [Remote host closed the connection]
03:46 -!- Duryodhan [~Duryodhan@14.139.58.194] has quit [Remote host closed the connection]
04:06 -!- aegidos [~admin@tmo-102-3.customers.d1-online.com] has joined #openvpn
04:18 -!- rasyid7 [~3333@69.163.36.67] has quit []
04:20 -!- master_of_master [~master_of@p57B559BA.dip.t-dialin.net] has quit [Ping timeout: 240 seconds]
04:20 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn
04:22 -!- master_of_master [~master_of@p57B554F9.dip.t-dialin.net] has joined #openvpn
04:27 -!- aegidos [~admin@tmo-102-3.customers.d1-online.com] has quit [Remote host closed the connection]
04:27 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn
04:30 -!- aegidos_ [~admin@tmo-102-3.customers.d1-online.com] has joined #openvpn
04:32 -!- aegidos_ [~admin@tmo-102-3.customers.d1-online.com] has quit [Remote host closed the connection]
04:33 -!- pranq [~pranq@unaffiliated/contempt] has quit [Quit: leaving]
04:34 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Ping timeout: 252 seconds]
04:34 -!- pranq [pranq@unaffiliated/contempt] has joined #openvpn
04:36 -!- aegidos [~admin@tmo-102-3.customers.d1-online.com] has joined #openvpn
04:36 -!- aegidos [~admin@tmo-102-3.customers.d1-online.com] has quit [Read error: Connection reset by peer]
04:36 -!- aegidos [~admin@tmo-097-34.customers.d1-online.com] has joined #openvpn
04:37 -!- aegidos [~admin@tmo-097-34.customers.d1-online.com] has quit [Remote host closed the connection]
04:37 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn
04:43 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Ping timeout: 240 seconds]
04:49 -!- dazo_afk is now known as dazo
04:55 -!- xsteadfastx [~mpreuss@ppp-93-104-143-30.dynamic.mnet-online.de] has left #openvpn []
05:00 -!- RonPaul [~KindOne@colchester-lug/silly-fool/donut] has joined #openvpn
05:01 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has quit [Disconnected by services]
05:01 -!- RonPaul is now known as KindOne
05:10 -!- Savvis [Savvis@68.140.79.239] has joined #openvpn
05:10 -!- Savvis [Savvis@68.140.79.239] has left #openvpn []
05:10 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer]
05:10 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
05:20 -!- aegidos [~admin@tmo-097-94.customers.d1-online.com] has joined #openvpn
05:21 -!- aegidos [~admin@tmo-097-94.customers.d1-online.com] has quit [Remote host closed the connection]
05:21 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn
05:24 -!- dazo is now known as dazo_afk
05:27 -!- Forco [~eivind@gore.copyleft.no] has joined #openvpn
05:27 < Forco> !welcome 05:27 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 05:27 < Forco> !goal 05:27 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 05:28 -!- aegidos_ [~admin@tmo-097-94.customers.d1-online.com] has joined #openvpn 05:30 < Forco> I am working on setting up an OpenVPN-server. Everything seems to work fine. I'm using "push "redirect-gateway def1"" to try to get all traffic to go through the VPN-server. But on the client (Windows XP, using the OpenVPN-client) the gateway is set to "10.0.1.5" when I do a "route PRINT". And I can't access the internal or the external networks I'm trying to reach through the VPN. If I manually set the interface in windows to use 10.0.1.1 as gateway everyt 05:30 -!- aegidos_ [~admin@tmo-097-94.customers.d1-online.com] has quit [Remote host closed the connection] 05:30 -!- aegidos_ [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn 05:30 < Forco> I have looked around for a solution on google/different forums for quite a while now. Can't seem to find any solution. 05:31 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Remote host closed the connection] 05:31 -!- aegidos_ is now known as aegidos 05:31 -!- dazo_afk is now known as dazo 05:50 <@vpnHelper> RSS Update - forum: Can connect, but nothing routing... 
05:56 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 05:59 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Quit: Leaving] 06:10 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 06:18 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 06:23 -!- Roadblock_RVA [~Ragansi@pool-173-53-37-34.rcmdva.fios.verizon.net] has quit [Quit: Leaving] 06:31 -!- ariana_ [~ariana@8.22.83.151] has joined #openvpn 06:32 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 06:32 < ariana_> openvpn cryptically fails to start 06:32 < ariana_> i created certificated 06:32 < ariana_> s 06:35 <@dazo> !welcome 06:35 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 06:35 < ariana_> http://en.gentoo-wiki.com/wiki/OpenVPN i followed those instructions 06:35 <@vpnHelper> Title: OpenVPN - Gentoo Linux Wiki (at en.gentoo-wiki.com) 06:35 < ariana_> if there is a better place to start point me there 06:36 < ariana_> thank you dazo 06:37 < ariana_> i can't get the thing to start in order to experience any run-time failures 06:37 < ariana_> !configs 06:37 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 06:38 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 06:40 < ariana_> oh, i'm sorry, just woke up... 
it doesn't like nm 06:41 < ariana_> it doesn't like odd netmasks though but i just used a more normal one 06:44 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm] 06:48 < ariana_> thanks again dazo 06:51 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 06:52 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 06:55 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 07:00 -!- ariana_ [~ariana@8.22.83.151] has quit [Ping timeout: 240 seconds] 07:03 -!- dangergrrl [~ariana@8.22.83.151] has joined #openvpn 07:08 -!- dangergrrl [~ariana@8.22.83.151] has quit [Read error: Connection reset by peer] 07:09 -!- dangergrrl [~ariana@8.22.83.151] has joined #openvpn 07:19 <@vpnHelper> RSS Update - forum: Problem connecting Windows 7 to OpenVPN 07:28 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit [] 07:31 -!- EugeneKay [eugene@itvends.com] has quit [Read error: Operation timed out] 07:36 -!- EugeneKay [eugene@itvends.com] has joined #openvpn 07:48 -!- mode/#openvpn [+v EugeneKay] by ChanServ 07:50 -!- KindOne [~KindOne@colchester-lug/silly-fool/donut] has quit [Quit: mmm donuts....] 07:54 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 07:54 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 07:54 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 07:54 -!- mode/#openvpn [+v Axeman] by ChanServ 08:02 -!- S1lv3R [~ben@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 08:02 < S1lv3R> hello World 08:03 < S1lv3R> is this normal? When i connect to my ovpn Server the connection will be lost for few secs? 08:04 -!- dollabill [~mike@199.44.8.98] has joined #openvpn 08:05 -!- krantz [~gustav.kr@h-176-10-236-148.na.cust.bahnhof.se] has joined #openvpn 08:05 < krantz> Im trying to install openvpn 2.2.2 on a debian dist. 
08:05 -!- anathaema [~ariana@8.22.83.151] has joined #openvpn 08:05 < krantz> I follow the steps for "Linux Notes (without RPM)" on http://openvpn.net/index.php/open-source/documentation/howto.html#install 08:05 <@vpnHelper> Title: HOWTO (at openvpn.net) 08:05 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn ["Leaving"] 08:06 < krantz> But at "make" and "make install" i get "make: *** No rule to make target `install'. Stop." 08:06 < krantz> make: *** No targets specified and no makefile found. Stop. 08:06 < krantz> Why is that? 08:07 < S1lv3R> krantz: http://www.youtube.com/watch?v=BfZV4MnGfkk&feature=related 08:07 <@vpnHelper> Title: OpenVPN Install How To - YouTube (at www.youtube.com) 08:07 -!- dangergrrl [~ariana@8.22.83.151] has quit [Ping timeout: 240 seconds] 08:08 < anathaema> what doc for win7 setup after getting the server up? 08:09 < S1lv3R> plz check howtos for Client Configuration 08:11 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn 08:14 -!- anathaema [~ariana@8.22.83.151] has quit [Read error: Connection reset by peer] 08:15 -!- anathaema [~ariana@8.22.83.151] has joined #openvpn 08:15 -!- Forco [~eivind@gore.copyleft.no] has quit [Quit: Lost terminal] 08:21 <@vpnHelper> RSS Update - forum: IGMP 08:22 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 08:28 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 08:36 -!- APTX_ is now known as APTX 08:37 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/] 08:39 <@vpnHelper> RSS Update - forum: UDP working fine , TCP not connecting 08:39 -!- ariana_ [~ariana@8.22.83.151] has joined #openvpn 08:43 -!- anathaema [~ariana@8.22.83.151] has quit [Ping timeout: 252 seconds] 08:45 <@vpnHelper> RSS Update - forum: UDP working fine , TCP not connecting 08:46 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has quit [Ping timeout: 244 seconds] 08:50 -!- ariana_ [~ariana@8.22.83.151] has quit 
[Read error: Connection reset by peer] 08:50 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn 08:55 -!- hceylan [~hceylan@213.248.153.186] has joined #openvpn 08:55 < hceylan> In network gnome-network-manager it won't allow me to create a username/password connection without a CA Certificate 08:56 < hceylan> it seems that this is supported by open vpns based on this http://openvpn.net/index.php/open-source/documentation/howto.html#auth 08:56 <@vpnHelper> Title: HOWTO (at openvpn.net) 08:57 < hceylan> is there a way to alter network-manager config file and remove the dummy certificate I put in to force the entry window to enable save button? 09:02 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has joined #openvpn 09:11 <@dazo> !nm 09:11 <@dazo> !networkmanager 09:11 <@dazo> hmm 09:12 <@dazo> hceylan: don't trust network-manager ... that's not something we support here, it's a project of the network-manager guys 09:13 <@dazo> openvpn supports much more than network-manager will ever support in its UI 09:13 <@dazo> http://openvpn.net/archive/openvpn-users/2008-01/msg00046.html 09:13 <@vpnHelper> Title: Re: [Openvpn-users] Importing an OpenVPN configuration file in Network Manager (at openvpn.net) 09:14 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has quit [Ping timeout: 255 seconds] 09:15 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 09:17 -!- hceylan [~hceylan@213.248.153.186] has quit [Ping timeout: 240 seconds] 09:20 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 09:22 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 09:22 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has joined #openvpn 09:32 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has quit [Quit: aegidos] 09:39 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has quit [Ping timeout: 252 seconds] 09:39 -!- S1lv3R 
[~ben@178-83-34-83.dynamic.hispeed.ch] has quit [Quit: Lost terminal] 09:40 < Dougy> hello all 09:41 < krzee> sup doug 09:43 -!- __nolife [~Lirezh@83-64-53-66.kocheck.xdsl-line.inode.at] has joined #openvpn 09:44 < Dougy> hey jeff 09:44 < Dougy> whats new 09:46 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 09:50 <+EugeneKay> I got Sieve working. Kinda. 09:52 < krzee> not much Dougy just working and getting ready for a lil vacation 09:58 -!- JPeterso2 [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 09:59 -!- Axeman2 [~Axeman3@198.105.46.46] has joined #openvpn 09:59 -!- Axeman2 [~Axeman3@198.105.46.46] has quit [Changing host] 09:59 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 09:59 -!- mode/#openvpn [+v Axeman2] by ChanServ 10:00 -!- mocas__ [~mocas@87.196.251.242] has joined #openvpn 10:01 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Ping timeout: 248 seconds] 10:01 -!- JPeterso2 is now known as JPeterson 10:03 -!- mocas_ [~mocas@87-196-118-159.net.novis.pt] has quit [Ping timeout: 255 seconds] 10:13 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Read error: Operation timed out] 10:14 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 10:16 -!- astrostl_ [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 10:18 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Ping timeout: 255 seconds] 10:18 <@vpnHelper> RSS Update - forum: Site to Site problems. 
10:22 -!- astrostl_ [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 10:23 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 10:23 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 10:23 < S1lv3R> !configs 10:24 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 10:25 < S1lv3R> !paste 10:25 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca 10:26 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Remote host closed the connection] 10:27 -!- astrostl_ [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 10:28 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Read error: Operation timed out] 10:33 < S1lv3R> anyone german here? 10:34 <@ecrist> yes, there are 10:34 <@ecrist> this is an english-speaking channel, though. 10:35 < S1lv3R> Ok i will try it with my bad englisch (o; 10:36 < hyper_ch> http://www.google.com/translate 10:36 <@vpnHelper> Title: Google Translate (at www.google.com) 10:36 < S1lv3R> OVPN Server is running i can login to my OVPN Server with my mobile device but Internet isnt working here my Server.conf http://de.pastebin.ca/2099597 and my Client.conf http://de.pastebin.ca/2099598 10:39 < S1lv3R> Its an Firewall problem? 10:41 < hyper_ch> !welcome 10:41 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 10:41 < hyper_ch> !configs 10:41 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 10:42 < S1lv3R> !route 10:42 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 10:43 < S1lv3R> anyone ideas? The Config files are good? 10:44 < krzee> please when you post configs, do it like this: 10:44 < krzee> !configs 10:44 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 10:44 < krzee> without all the comments 10:44 < krzee> do that and ill look =] 10:45 < krzee> also 10:45 < krzee> !goal 10:45 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 10:47 < S1lv3R> sry i was post the config files [17:36:58] my OS Debian i use the the source from Debian and I would like to access the internet over my vpn. 
My Mobiledevice is my HTC DHD 10:47 < S1lv3R> Server.conf http://de.pastebin.ca/2099597 and my Client.conf http://de.pastebin.ca/2099598 10:47 < krzee> i dont think you noticed the important part 10:47 < krzee> !configs 10:47 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 10:47 < krzee> please remove the comments before posting 10:48 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Connection reset by peer] 10:48 < S1lv3R> arggs sry 10:48 < krzee> your config file is 300 lines, there are likely no more than 20 config entries in that 300 lines, i will not be reading 300 lines to find 20 that matter 10:48 < krzee> np 10:49 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 10:49 < S1lv3R> Server.conf http://de.pastebin.ca/2099604 10:50 < krzee> perfect, and client 10:50 < krzee> you should change the subnet in --server 10:50 < krzee> from 10.0.0.0 to something less common, like maybe 10.8.0.0 10:50 < S1lv3R> http://de.pastebin.ca/2099605 10:51 < krzee> after you have done that, and reconnected, tell me 10:53 < S1lv3R> ok Connected to my Server HomeIP as 10.8.0.6 but it isnt working again 10:57 < S1lv3R> done 11:00 < krzee> ok 11:00 < krzee> can you ping 10.8.0.1 from the phone? 11:01 < S1lv3R> yes 11:01 < krzee> ok good 11:02 < krzee> now on the server 11:02 < krzee> cat /proc/sys/net/ipv4/ip_forward 11:02 < krzee> what does that output? 
11:02 < S1lv3R> zero 11:03 < krzee> ok thats a problem 11:03 < krzee> !linipforward 11:03 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware 11:06 < S1lv3R> ok now its on 1 perma 11:06 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Quit: Leaving.] 11:08 < krzee> did you config NAT yet? 11:08 < S1lv3R> it isnt working again krzee 11:08 < krzee> !linnat 11:08 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat 11:10 < S1lv3R> krzee i love ya (o; It was an NAT Problem ^^ 11:12 < krzee> well it was both ;] 11:13 < krzee> ip forwarding and nat 11:19 -!- Kurogane [~Kurogane@190.62.87.115] has joined #openvpn 11:23 < Kurogane> Is possible to have a user system where can have login and restrict bandwidth also speed use for the user? 11:25 < krzee> see --shaper or use your firewall for that 11:32 < Dougy> krzee: 11:32 < Dougy> where you off to? 11:32 < Dougy> vaca wise 11:32 < krzee> usa, maybe some peru and brazil 11:33 -!- BenLue [NoMail@178-83-34-83.dynamic.hispeed.ch] has joined #openvpn 11:33 < vect0rx> where you visiting the US from krzee? 11:33 < krzee> caribbean 11:34 < vect0rx> oh nice. I was in jamaica this last July 11:34 < vect0rx> (from northwest US) 11:34 < krzee> ahh im from cali 11:35 < vect0rx> same.. born and raised. sad I've never lived more than about a 25mi diameter from SJ where I was born :) 11:35 < vect0rx> but the tech work is here. 
11:35 < krzee> well depending 11:35 < krzee> plenty of tech work left in the sj area 11:35 < krzee> but ya, plenty up north too 11:35 < pwrcycle> krzee: where are you visiting? 11:35 < krzee> hows the rain treatin ya? ;] 11:36 < krzee> easier to say a place and ask if ill be headed that way 11:36 < pwrcycle> DC? 11:36 < vect0rx> not too wet right now.. strange fog some nights.. odd ca weather. high 30s-low 50s so "cold" for CA 11:36 < krzee> nah, closest to there would be NY or FL 11:36 -!- S1lv3R [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit [Ping timeout: 260 seconds] 11:37 -!- dangergrrl [~ariana@8.22.83.151] has joined #openvpn 11:44 < Kurogane> krzee, --shaper as understand is for speed, good here, but what about bandwidth use? for example give a user only can use 50GB in a month 11:47 < vocis> These days licenses are just as hard to work with as patents 11:47 < vocis> hola, sorry, wrong # 11:49 -!- dangergrrl [~ariana@8.22.83.151] has quit [Ping timeout: 260 seconds] 11:51 <@dazo> Kurogane: traffic shaping and bandwidth limiting is not the task of a VPN ... that's the task of a router/gateway ... Compared to the "physical world", OpenVPN is basically virtual network adapters + the cable in between 11:51 -!- hceylan [~hceylan@213.248.153.186] has joined #openvpn 11:51 <@dazo> Kurogane: --shaper is also very poorly implemented, and there are no big efforts into improving that ... as there are better tools for that job 11:52 < Kurogane> dazo, for example? what tools 11:52 <@dazo> tc? 11:53 < Kurogane> tc? 11:54 <@dazo> traffic control, tc, which is available in most Linux distros these days 11:54 < Kurogane> lets me check 11:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 11:56 <@dazo> iirc, it's a part of iproute2 12:00 < Kurogane> the tc? 12:05 <@dazo> yeah 12:07 < BenLue> krzee is this normal i have the same ip with my mobile DHD and my Windows Client when im loginto the ovpn Server? 
12:08 < krzee> you using the same cert for each...? 12:08 < BenLue> yes 12:08 < krzee> dont 12:09 < BenLue> i need create new cert? 12:09 < krzee> ya, one per client 12:09 < BenLue> okay 12:13 < Kurogane> dazo, i look a bit for tc, i see the limit only can use for a interface, is possible to base in IP, because i going to use for IP (by users) i don user if possible to limit bandwidth by IP, If not, what app recommend me to do this? only use x bandwidth in a month and reset every month. 12:13 <@dazo> Kurogane: I've never needed to restrict bandwidth, so I dunno these details 12:14 < krzee> firewall can do it 12:14 < krzee> same way you would for members of a lan 12:14 <@dazo> but iirc what I've read about tc ... you use some extra tricks in addition which tags packets based on IP ... then tc picks it up and rate limit the flow 12:15 <@dazo> krzee is right, this tagging happens in the firewall 12:15 < krzee> its not an openvpn issue at all 12:15 < Kurogane> krzee, if not mind, can you share a little example for a firewall? 12:15 < krzee> if you can do it outside openvpn, you can do it in openvpn 12:16 < krzee> nope, ive never needed to, im just letting you know its not openvpn related 12:16 < krzee> so that you can also try in some channels related to the firewall of your choice 12:18 < BenLue> ./build-key ben was working but now ./build-key julia isnt working. Whats wrong? 12:18 < BenLue> root@S3DEBSRV01:/etc/openvpn/easy-rsa/2.0# ./build-key julia 12:18 < BenLue> Please edit the vars script to reflect your configuration, 12:18 < BenLue> was edited 12:19 < Kurogane> krzee, but in the case i set it 10gb can use, and use it in 20 days, what happen? of course not let you download more, its reset in anyway that rule? 12:21 < Kurogane> automatic of course. 
12:29 < krzee> Kurogane, as i mentioned, i dont use that stuff, which is why im helping people in #openvpn and not in #iptables ;] 12:30 < krzee> "iptables bandwidth limit lan" looks promising in google 12:31 < krzee> but if i needed what you're asking about, ild be in #iptables or whatever channel was related to the firewall i was using 12:32 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 12:41 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 12:42 <@vpnHelper> RSS Update - forum: Openvpn-install.exe commandline options 12:42 < takamichi> Does the Linux client care whether the config files are named .conf or .ovpn? 12:42 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn 12:43 < krzee> openvpn itself does not, but the OS startup scripts want it named .conf 12:44 < takamichi> krzee: What OS startup scripts? 12:44 < krzee> did you install via the os package manager? 12:44 < takamichi> yes 12:45 < krzee> then it installed scripts to start openvpn on boot 12:45 < krzee> init.d scripts 12:45 < takamichi> I'm just trying to work out whether I need to distribute two sets of config files to our users to cover both Linux and Windows clients. 12:46 < krzee> well you may find that windows clients need extra options too, depend on what you're doing 12:46 < takamichi> krzee: I'm referring to the client config files 12:46 < krzee> im aware of that 12:47 < takamichi> Ok, that makes sense, yes the Windows machines to need additional options. Silly me, Thanks Krzee. 12:47 < BenLue> whats the name from Ovpn Webinterface for Debian? 12:48 < krzee> there isnt one, at least no official one 12:50 < BenLue> is the name OpenVPN Access Server? 12:50 < krzee> oh ok 12:50 < krzee> !AS 12:50 <@vpnHelper> "AS" is please go to #OpenVPN-AS for help with Access-Server 12:50 < krzee> thats commercial 12:50 < BenLue> okies 12:50 < BenLue> nonefreesoftware? 
12:51 < krzee> nah AS is commercial 12:51 < krzee> by the corp that makes openvpn 12:52 < krzee> i've heard very good things about it 12:56 -!- shteyngart [thumper@i.dont.get.mad.i.get.stabby.net] has quit [Quit: leaving] 12:57 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 12:59 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds] 13:01 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 13:02 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 13:03 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has joined #openvpn 13:03 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has quit [Changing host] 13:03 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 13:07 < BenLue> question: what the correct path when i saved all files from my Mobile Device in openvpn/Julia 13:07 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Client Quit] 13:08 < BenLue> ca Julia/ca.crt isnt working 13:08 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn 13:08 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host] 13:08 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 13:08 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Client Quit] 13:13 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 13:14 -!- dazo is now known as dazo_afk 13:17 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Operation timed out] 13:18 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 13:20 -!- warik [~warik@173-164-255-200-SFBA.hfc.comcastbusiness.net] has joined #openvpn 13:23 < warik> hi! quick question, how can I check how many client are currently connected to the server ? thanks! 
13:27 -!- astrostl_ [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 13:30 -!- beerbro is now known as Yarph-ar-ti 13:40 <@vpnHelper> RSS Update - forum: [Help] Problem To Connect to the Server 13:45 -!- hceylan [~hceylan@213.248.153.186] has quit [Remote host closed the connection] 13:46 < hyper_ch> warik: ping the server on the vpn ip 13:52 < BenLue> OKay other way 13:53 < BenLue> I have create for few minutes new Client.crt 13:54 -!- pierreghz [~pierreghz@cust-141-74-111-94.dyn.as47377.net] has joined #openvpn 13:54 < BenLue> I need 1 for Client2. I need only ./build-key Client2 ? 13:54 < BenLue> or i must ./build-dh again? 13:55 -!- hceylan [~hceylan@213.248.153.186] has joined #openvpn 13:56 < krzee> do you know what build-dh does? 13:56 -!- hceylan [~hceylan@213.248.153.186] has quit [Client Quit] 13:56 < krzee> warik, could use a status file, or the management interface 13:57 < BenLue> i need Diffie Hellman Parameter only for Ovpn Server! 13:59 < rawplayer> ok! 14:00 -!- `Ile` [~kvirc@93-87-242-236.dynamic.isp.telekom.rs] has joined #openvpn 14:01 -!- `Ile` [~kvirc@93-87-242-236.dynamic.isp.telekom.rs] has quit [Client Quit] 14:02 -!- krantz [~gustav.kr@h-176-10-236-148.na.cust.bahnhof.se] has quit [] 14:42 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Read error: Operation timed out] 14:44 -!- Reihar_ [c1324ff9@gateway/web/freenode/ip.193.50.79.249] has joined #openvpn 14:44 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 14:45 < Reihar_> Hi 14:50 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Ping timeout: 244 seconds] 14:51 -!- Reihar_ [c1324ff9@gateway/web/freenode/ip.193.50.79.249] has quit [Ping timeout: 258 seconds] 14:51 < krzee> BenLue, correct =] 14:54 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 15:00 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 248 seconds] 15:02 -!- ErichG 
[~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 15:03 -!- Reihar_ [c1324ff9@gateway/web/freenode/ip.193.50.79.249] has joined #openvpn 15:03 < Reihar_> Hi 15:03 < Reihar_> I've got a problem with openvpn 15:03 < Reihar_> I'm using it over an http proxy 15:04 < Reihar_> and until today it was working fine 15:04 < Reihar_> but suddenly it stopped working 15:04 < Reihar_> and says that it can authenticate to the proxy 15:05 < Reihar_> HTTP proxy returned: 'HTTP/1.0 407 Proxy Authentication Required' 15:05 < Reihar_> I haven't changed anything in my config 15:05 < Reihar_> and I still can connect to the proxy 15:05 < Reihar_> using my web browser 15:07 -!- patelx [~chirayu@openvpn/corp/admin/patel] has joined #openvpn 15:07 -!- mode/#openvpn [+o patelx] by ChanServ 15:09 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has joined #openvpn 15:10 < Reihar_> Here is my config : http://pastie.org/3133724 15:19 < Reihar_> May anyone help me please ? 15:22 -!- babble [~coyote@unaffiliated/coyote] has joined #openvpn 15:23 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Read error: No route to host] 15:25 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 15:25 -!- mode/#openvpn [+o mattock] by ChanServ 15:25 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Remote host closed the connection] 15:27 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has joined #openvpn 15:28 < krzie> Reihar_, and when you use the browser, do you need to auth? 15:28 < Reihar_> yes 15:28 < Reihar_> I type my username and my password 15:29 < Reihar_> and it works 15:29 -!- aegidos [~admin@p54B5A46C.dip.t-dialin.net] has left #openvpn [] 15:31 < Reihar_> krzie: I'm using freenode webchat on my browser on that connection. 
15:39 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Remote host closed the connection] 15:40 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 15:41 -!- Kurogane [~Kurogane@190.62.87.115] has quit [Quit: Saliendo] 15:48 -!- dollabill [~mike@199.44.8.98] has quit [Ping timeout: 252 seconds] 15:56 < BenLue> krzee where can i see who is connected on my ovpn server? 15:56 < BenLue> /etc/init.d/openvpn status isnt working 16:00 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 16:00 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 16:01 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has joined #openvpn 16:01 < fries> Hi there, is anyone here running openvpn on android? 16:02 -!- patelx [~chirayu@openvpn/corp/admin/patel] has quit [Quit: patelx] 16:04 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has quit [Client Quit] 16:04 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has joined #openvpn 16:06 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has left #openvpn [] 16:08 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has joined #openvpn 16:10 < krzie> Reihar_, give openvpn the auth info 16:11 < Reihar_> krzie: how ? 16:11 < krzie> by looking at the manual 16:11 < krzie> !man 16:11 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 16:12 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Quit: Ex-Chat] 16:12 < fries> Hi, is anyone here running openvpn on android? 16:13 < krzie> ask a more specific question 16:14 < fries> I'm the guy who ported it to android quite a while ago. I'd like to do an update and need some testers. 
16:14 < krzie> badass, i thought i recognized that handle 16:14 < krzie> i use it on android daily 16:14 < krzie> although not with a gui 16:15 < fries> nice! 16:16 < fries> well I didn't have very much time during the last year, but it seems openvpn on android is used widely. But there are still some issues, especially when installing open vpn. 16:16 < krzie> i'd love to see a config file import option 16:17 < fries> In OpenVPN Settings? 16:17 < krzie> oh wait nm that was cm7 16:17 < krzie> my bad 16:17 -!- zeshoem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has joined #openvpn 16:18 -!- zeshooem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has quit [Read error: Connection reset by peer] 16:18 < fries> thing is, when I built openvpn there was an issue with androids native ifconfig. That is the reason busybox is required. 16:18 -!- mode/#openvpn [+v fries] by ChanServ 16:18 < BenLue> fries yes 16:19 < BenLue> u need rooted your Devices 16:19 < BenLue> ^^ 16:19 < krzie> BenLue, he made the android app ;] 16:19 < BenLue> ahh okay ^^ 16:20 < BenLue> krzee where can i see who is connected on my Server? I cant find the cmd in man 16:20 <+fries> I'd like to build a version working with the native ifconfig tool if possible but would need some testers to see if it really works with various configs. 
16:20 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 16:20 < BenLue> great 16:20 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 16:20 < krzie> BenLue, like i said before, status file or management interface, both are in the manual ;] 16:21 < krzie> !management 16:21 <@vpnHelper> "management" is (#1) see http://openvpn.net/management for doc on management interface or (#2) read http://svn.openvpn.net/projects/openvpn/obsolete/BETA21-preauto/openvpn/management/management-notes.txt if you are a programmer making a GUI that will interact with OpenVPN 16:21 < krzie> and --status / --management in the manual 16:21 < krzie> fries, see priv msg 16:21 < krzie> fries, and i'd be happy to test cm7 for ya 16:22 < krzie> although cm7 has its own ovpn interface, it is quite inferior to ovpn settings imho 16:22 < krzie> oh... but cm7 has busybox too 16:22 -!- lusis [u2537@gateway/web/irccloud.com/x-opglpxhhlkmspano] has quit [Remote host closed the connection] 16:23 <+fries> krzi didn't get one 16:26 <+fries> on cyanogen it's not really an issue, because the working binary is preinstalled. The issue is with the rooted devices running stock. 16:27 -!- lusis [u2537@gateway/web/irccloud.com/x-wsgjjcibaoagypvc] has joined #openvpn 16:27 <@vpnHelper> RSS Update - forum: Site to Site problems. 16:28 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit [] 16:28 <+fries> I have no idea what problems might occur with a new binary and there is basically no communication channel between the user and me. 16:29 <+fries> krzie when I have built a new binary i would advertise it here. So you and others could test it. Would that be OK? 
16:29 < BenLue> krzee i see 10.8.0.6,chris,extip:62418,Thu Jan 5 23:23:05 2012 16:30 < BenLue> when i try to going the shares i see only my own Shares 0.O 16:30 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 16:30 < BenLue> i understud the world *lol* 16:32 < krzie> fries, certainly, ill add it to my bot 16:32 < krzie> !android 16:32 <@vpnHelper> "android" is (#1) CyanogenMod includes an integrated OpenVPN client. You will need a !p12 to load your certificates. or (#2) If you can't get CM, get root/busybox/tun and grab android-openvpn-installer + openvpn-settings from Market 16:32 -!- pierreghz [~pierreghz@cust-141-74-111-94.dyn.as47377.net] has quit [Quit: Quitte] 16:33 <+fries> krzie thank you 16:36 -!- luckman212_ [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 16:39 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Ping timeout: 240 seconds] 16:46 <+fries> bye 16:46 -!- fries [~fries@pD9FBF821.dip.t-dialin.net] has left #openvpn [] 16:47 < BenLue> hmmmm porblem is i cant ping Home Client1 to VPN Client 16:47 < BenLue> *problem can 16:48 < BenLue> When i try from Home Client2 to VPN Client ping isnt working 16:54 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-mtnanhmunfyuvqza] has quit [Read error: Connection reset by peer] 16:54 -!- lusis [u2537@gateway/web/irccloud.com/x-wsgjjcibaoagypvc] has quit [Read error: Connection reset by peer] 16:57 < BenLue> krzee ca.crt is by all user the same file? 
17:03 -!- Reihar_ [c1324ff9@gateway/web/freenode/ip.193.50.79.249] has quit [Ping timeout: 258 seconds] 17:05 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 17:06 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 17:10 -!- fridim_ [~fridim@2a01:e35:2ece:f2d0:223:4eff:fe6c:c754] has quit [Ping timeout: 240 seconds] 17:14 < krzie> BenLue, 17:14 < krzie> !pki 17:14 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was signed 17:14 <@vpnHelper> specially as a server (see !servercert) 17:15 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 17:25 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 17:27 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has joined #openvpn 17:29 -!- Denial [Denial@drgi.co.uk] has quit [] 17:32 -!- luckman212_ [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Remote host closed the connection] 17:39 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Remote host closed the connection] 17:39 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 17:45 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn 17:49 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has quit [Quit: pIRC v2.2 < Personal IRC Team > http://ircworld.ru and http://xirc.ru/] 17:54 < warik> how you do revoke only one key ? 
17:56 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-xtgjlwlpoeavafvy] has joined #openvpn 17:56 -!- modsiw [~modsiw@c-69-254-97-12.hsd1.tn.comcast.net] has quit [Quit: Leaving] 18:05 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Ping timeout: 244 seconds] 18:15 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 18:15 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer] 18:15 -!- [1]netskay is now known as netskay 18:15 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 18:16 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 18:21 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 18:23 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds] 18:23 -!- [1]netskay is now known as netskay 18:29 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 18:30 < [1]netskay> hey guys 18:30 < [1]netskay> does anyone have a few minutes to spare and help me trouble shoot this server configuration 18:30 < [1]netskay> im tying to accomplish 18:31 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 18:32 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds] 18:32 -!- [1]netskay is now known as netskay 18:33 < netskay> does comcast by any chance block/filter incoming VPN server traffic? 18:34 <+EugeneKay> !crl 18:34 <@vpnHelper> "crl" is (#1) --crl-verify A CRL (certificate revocation list) is used when a particular key is compromised but when the overall PKI is still intact. The only time when it would be necessary to rebuild the entire PKI from scratch would be if the root certificate key itself was compromised. 
or (#2) you can make use of CRL by using the revoke-full script in easy-rsa (packaged with openvpn) that 18:34 <@vpnHelper> will create the CRL file for you. ssl-admin will also build a crl for you 18:34 <+EugeneKay> warik ^ 18:34 < netskay> i can connect just fine from within the LAN, i can also SSH to my server from my public IP, so not a routing issue; however, when i try and VPN through the public IP 18:34 < netskay> not happening 18:34 < netskay> connection refused error 18:34 <+EugeneKay> netskay - not heard any reports of such activity, but they're not called Cuntcast for nothing. 18:35 < netskay> ive made the post on here 18:35 < netskay> http://ubuntuforums.org/showthread.php?p=11587130#post11587130 18:35 <@vpnHelper> Title: [ubuntu] iptables routing - host inaccessible publicly - Ubuntu Forums (at ubuntuforums.org) 18:35 < netskay> with detailed info 18:35 < netskay> i even posted a question on serverfault.com 18:36 < netskay> for troubleshooting purposes, just now i placed the VPN server host behind one NAT router which has a public IP 18:36 < netskay> and placed the host server in the DMZ of the router 18:36 < netskay> tried switching ports 18:36 <+EugeneKay> "try and VPN through the public IP" 18:36 < netskay> iptables is disabled; and on the post ive made on the forums from yesterday, i have allowed ALL incoming/outgoing connections to the host 18:36 <+EugeneKay> Could you please rephrase your issue in the fort of a sentence? 18:36 <+EugeneKay> form* 18:37 < netskay> yea 18:37 < netskay> ok ill just tell u what i did just now 18:37 < netskay> disabled the iptables completely 18:37 < netskay> have openvpn running in TCP mode on port 5000 18:38 < netskay> and i have placed the VPN server behind a router which has a public ip address given to my comcast 18:38 < netskay> a simple linksys router 18:38 < netskay> with me so far? 18:38 < netskay> to me by* 18:38 <+EugeneKay> You're trying to run a VPN server from behind your home NAT router. 
18:38 < netskay> yes 18:38 <+EugeneKay> Ok. So, where's the issue?\ 18:38 < netskay> the vpn server is in the DMZ of the router 18:38 < netskay> i dont know 18:38 < netskay> lol 18:39 < netskay> when im on the LAN, i can connect 18:39 < netskay> to the server 18:39 < netskay> perfectly fine 18:39 <+EugeneKay> "The enter key is not a punctuation mark." 18:39 < netskay> BUT 18:39 < netskay> when i try and connect via the public ip, i get an error connection refused 18:40 < netskay> even though the host is in the DMZ of the router, and ubuntu does NOT have iptables enabled 18:40 < netskay> i can ssh from from the public ip just fine though :/ 18:40 < netskay> i can ssh into the host when i use the public ip though 18:41 <+EugeneKay> I think you mean "ssh to the public IP" 18:41 < netskay> yes 18:41 <+EugeneKay> I presume that you have the ports for SSH and openvpn forwarded to the correct LAN host 18:41 < netskay> yes 18:42 <+EugeneKay> Verify that openvpn is actually running & listening. netstat -lptu 18:43 < warik> EugeneKay: thank you! 18:44 < netskay> tcp *:5000 state: listen 18:44 < netskay> so yes 18:44 < netskay> there is also 18:44 < netskay> udp *:openvpn 18:44 < netskay> state: NULL 18:45 <+EugeneKay> Are you running two openvpn instances? o.O 18:45 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 18:46 < netskay> yes, on 2 different ports 18:46 < netskay> 5000 and 1194 18:46 < netskay> could they be conflicting? 18:47 <+EugeneKay> If you're using the same --server config for both, that would cause routing problems. But you're not even getting that far in the connection process 18:47 < netskay> im using completely different set of configuration files 18:48 <+EugeneKay> TBQH, it sounds like something with your router's firewall. 18:48 <+EugeneKay> Spank that into working right. 
18:48 < netskay> on diff ports, one pushing redirect-gateway on one subnet (192.168.4.0), the other just places the client on a lan under a separate subnet (192.168.3.0) 18:49 < netskay> hmm, i allowed VPN passthrough, i have placed the host in the DMZ as well as have ports forwarded 18:49 < netskay> so yea, i think it is the router 18:49 < netskay> on the ISP 18:49 < netskay> or* 18:56 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 18:56 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 18:56 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 19:00 < warik> EugeneKay: is there a way to change the bandwidth ? 19:06 -!- _julian_ [~quassel@hmbg-5f761fad.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:06 -!- _julian [~quassel@hmbg-5f77cf29.pool.mediaWays.net] has joined #openvpn 19:13 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 19:15 -!- UnterPerro_ [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 19:15 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Read error: Connection reset by peer] 19:15 -!- UnterPerro_ is now known as UnterPerro 19:15 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Client Quit] 19:39 -!- rkantos [~robin2@109.169.55.199] has quit [Read error: Operation timed out] 19:48 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit [] 19:49 -!- babble [~coyote@unaffiliated/coyote] has quit [Quit: Leaving] 20:02 -!- warik_ [~warik@173-164-255-200-SFBA.hfc.comcastbusiness.net] has joined #openvpn 20:04 -!- warik [~warik@173-164-255-200-SFBA.hfc.comcastbusiness.net] has quit [Ping timeout: 255 seconds] 20:04 -!- warik_ is now known as warik 20:08 -!- rkantos [~robin2@109.169.55.199] has joined #openvpn 20:15 -!- BenLue [NoMail@178-83-34-83.dynamic.hispeed.ch] has quit [] 20:16 -!- rkantos [~robin2@109.169.55.199] has 
quit [Ping timeout: 248 seconds] 20:49 -!- warik [~warik@173-164-255-200-SFBA.hfc.comcastbusiness.net] has quit [Quit: warik] 20:58 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 21:13 <@vpnHelper> RSS Update - forum: Site to Site problems. 21:19 <@vpnHelper> RSS Update - forum: Problem connecting Windows 7 to OpenVPN 22:17 < netskay> . 22:20 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 22:20 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 22:23 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 22:30 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 22:42 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 22:55 -!- aegidos_ [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 23:03 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn 23:04 -!- scampbell [~scampbell@mail.scampbell.net] has quit [Remote host closed the connection] 23:17 -!- cyberspace- [20253@ninthfloor.org] has quit [Remote host closed the connection] 23:22 -!- lusis [u2537@gateway/web/irccloud.com/x-hsjmbwotaseamiwo] has joined #openvpn 23:23 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 23:27 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Quit: ZNC, Courtesy of OpenWRT] 23:43 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 23:45 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Client Quit] 23:47 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 23:59 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds] --- Day changed Fri Jan 06 2012 00:35 -!- Zimsky [~Zimsky@rozznet.net] has quit [Ping timeout: 240 seconds] 00:36 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 00:56 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has quit [Remote 
host closed the connection] 01:03 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has joined #openvpn 01:07 -!- RichardBronosky_ [~RichardBr@slice1.bronosky.com] has quit [Ping timeout: 240 seconds] 01:07 -!- MrWGW [MrWGW@74.124.192.8] has quit [Ping timeout: 240 seconds] 01:08 -!- MrWGW [MrWGW@74.124.192.8] has joined #openvpn 01:12 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 01:37 -!- hilarie_ [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 01:37 < hilarie_> hello... W: GPG error: http://repos.openvpn.net lucid InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 8E6DA8B4E158C569 I can't get that to go away 01:38 < hilarie_> http://paste.ubuntu.com/794615/ 01:38 < hilarie_> I even got it to say it added 01:42 -!- hilarie_ is now known as hilarie 02:00 -!- resha [7a022e4c@gateway/web/freenode/ip.122.2.46.76] has joined #openvpn 02:00 < resha> is it possible not to indicate on the server and client config tcp or udp? 02:00 < resha> is it possible not to indicate on the server and client config tcp or udp protocol? 02:06 -!- resha [7a022e4c@gateway/web/freenode/ip.122.2.46.76] has quit [Quit: Page closed] 02:09 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds] 02:30 <@vpnHelper> RSS Update - forum: Radius cliients? 
02:41 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 02:49 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 02:59 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds] 03:16 -!- caemir [~caemir@78.129.43.30] has joined #openvpn 03:16 -!- caemir [~caemir@78.129.43.30] has quit [Changing host] 03:16 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 03:30 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 03:31 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 03:34 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 03:34 < Rene> Good morning all! :-) 03:40 < Rene> could someone point me into the right direction in finding some guides or even an howto on how to connect multiple servers into one network-segment (eg. 192.168.6.0), and then be able to connect with a client to the main openvpn-server, and be able to browse eg. smb-shares. I have now set up with client-to-client setting, but my concern is that i don't want to let clients to see each other. They should only see the servers... 03:45 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 03:45 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 03:45 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 03:45 <@vpnHelper> RSS Update - forum: Free providers? 03:45 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds] 03:47 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 03:55 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds] 04:01 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 04:07 -!- dazo_afk is now known as dazo 04:07 -!- Yarph-ar-ti is now known as beerbro 04:14 < hilarie> anyone on that can tell me what I did wrong with easy-rsa? 
http://paste.ubuntu.com/794703/ 04:19 < hilarie> stupid tarballs, got it, nvm 04:21 -!- master_of_master [~master_of@p57B554F9.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 04:23 -!- master_of_master [~master_of@p57B54F91.dip.t-dialin.net] has joined #openvpn 04:24 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 04:35 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 04:38 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 04:49 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 252 seconds] 04:51 < gladiatr> !iroute 04:51 <@vpnHelper> "iroute" is does not bypass or alter the kernel's routing table, it allows openvpn to know it should handle the routing when the kernel points to it but the network is not one that openvpn knows about. This is only needed when connecting a LAN which is behind a client, and therefor belongs in a ccd entry. Also see !route and !ccd 04:51 < gladiatr> !route 04:51 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 04:56 -!- hilarie [~hilarie@206.223.198.157] has joined #openvpn 05:05 -!- hilarie [~hilarie@206.223.198.157] has quit [Ping timeout: 240 seconds] 05:12 <@dazo> Rene: have you looked at !howto and !man? For a quick fast path, look for --server and --topology 05:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 05:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 05:28 < gladiatr> !openbsd 06:00 <@dazo> hahaha! 
http://www.youtube.com/watch?v=ySdaJbgO5gc 06:00 <@vpnHelper> Title: Gwapos Professional DDOS Service - YouTube (at www.youtube.com) 06:04 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 06:05 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 06:07 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 255 seconds] 06:07 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 06:08 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 252 seconds] 06:31 -!- hilarie [~hilarie@iptv-static-219-135.kpunet.net] has joined #openvpn 06:40 < Rene> dazo: thanks, i'll check at topology and server 06:42 < Rene> dazo: i remember that i read many years ago a howto with iptables and stuff for limiting uses from seeing each other, but that they could see all servers with one vpn-connection.. now i run 3 different vpn-connections to reach every server.. 06:42 < Rene> it's a bit too much trouble :-) 06:43 <@dazo> Rene: yeah, that's basic iptables ... restrict your VPN clients based on IP address .... nothing else 06:44 <@dazo> performance wise, esp. if each of these tunnels have a lot of traffic, having separate daemons might provide better throughput ... esp. if you have a multi-core box and a scheduler which places each of these openvpn processes on each CPU core (or you use taskset) .... but it's a higher maintenance burden to such setups 06:57 < Rene> dazo: the servers are basically on the same server as virtual servers 06:57 < Rene> also they are in the same network.. 06:58 < Rene> it's mainly for maintaining config-files, source-files etc, so the traffic is pretty limited 06:58 < Rene> do you know any "howto" for how to tweak iptables to work with the tap0-devices? 07:01 <@dazo> Rene: -i tap0 or -o tap0 ? 
07:01 * dazo probably don't understand the question 07:01 < Rene> lol 07:01 < Rene> just pulling some hair :-) 07:02 < Rene> all servers run on tap0 07:02 < Rene> so i guess that both.. 07:03 -!- hilarie [~hilarie@iptv-static-219-135.kpunet.net] has quit [Quit: Leaving] 07:05 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has quit [Quit: Leaving] 07:13 <@dazo> Rene: this is basic iptables stuff, so this isn't the proper channel for it ... but in general to avoid client-to-client traffic with iptables ... you need to block that in the FORWARD chain 07:13 <@dazo> and FORWARD is the only chain which takes both -i and -o into consideration of rules .... INPUT chain have only -i available, and OUTPUT only -o 07:15 < Rene> dazo: ah, yes, you are right. did not think about that :-) Thanks! 07:23 <@vpnHelper> RSS Update - forum: Http Proxy .. How to? 07:38 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 07:40 -!- pierreghz [~pierreghz@cust-204-40-111-94.dyn.as47377.net] has joined #openvpn 07:43 -!- dollabill [~mike@199.44.8.98] has joined #openvpn 07:55 -!- bauruine [~stefan@39-232.197-178.cust.bluewin.ch] has joined #openvpn 08:10 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds] 08:11 -!- takamichi [~pri@c254.adsl.inet-telecom.org] has joined #openvpn 08:19 -!- bauruine [~stefan@39-232.197-178.cust.bluewin.ch] has quit [Ping timeout: 252 seconds] 08:23 -!- aegidos_ [~admin@p54B5A292.dip.t-dialin.net] has quit [Quit: aegidos_] 08:27 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 08:39 -!- dazo is now known as dazo_afk 08:40 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:43 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
08:46 -!- dazo_afk is now known as dazo 09:14 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 09:23 <@vpnHelper> RSS Update - forum: WIN XP SP3 -Connected but cannot ping, but WIN 7 works fine. 09:26 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 09:30 -!- RichardBronosky [~RichardBr@slice1.bronosky.com] has joined #openvpn 09:34 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has joined #openvpn 09:34 -!- takamichi [~pri@c254.adsl.inet-telecom.org] has quit [Ping timeout: 240 seconds] 09:34 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer] 09:35 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has joined #openvpn 09:35 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 09:37 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 244 seconds] 09:41 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 09:41 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 09:41 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer] 09:41 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 09:42 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer] 09:42 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 09:43 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Quit: aegidos] 09:43 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 09:43 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer] 09:45 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 09:45 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer] 09:48 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Client Quit] 09:54 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 09:55 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer] 09:55 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has 
joined #openvpn 09:55 < jeev> hmm 09:55 < jeev> my redirect-gateway isn't working on the andrizoid 10:04 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 10:05 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Client Quit] 10:06 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 10:17 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 10:22 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 10:24 -!- lusis [u2537@gateway/web/irccloud.com/x-hsjmbwotaseamiwo] has quit [Remote host closed the connection] 10:24 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-xtgjlwlpoeavafvy] has quit [Write error: Broken pipe] 10:26 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 240 seconds] 10:26 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 10:27 -!- lusis [u2537@gateway/web/irccloud.com/x-haiphigdimzvbise] has joined #openvpn 10:31 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-zuzroifaycuiqqus] has joined #openvpn 10:34 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 10:38 -!- axelm7 [~axelm10@186.135.11.123] has joined #openvpn 10:39 < axelm7> hi guys. anybody here running openvpn on a dd-wrt or openwrt router? 10:42 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 10:43 < axelm7> I would like to know what cipher I should use to get 1 mbps performance without using all my CPU on an Asus RTN16 (480mhz broadcom cpu) 10:44 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Quit: aegidos] 11:11 <@dazo> axelm7: use blowfish 11:12 <@dazo> blowfish has the lowest CPU consumption, and somehow perform the same on almost every single CPU available 11:12 < axelm7> I am using blowfish too 11:14 <@dazo> axelm7: for performance stuff ... have a look here: https://community.openvpn.net/openvpn/wiki/Gigabit_Networks_Linux ... 
even though it covers 1gbit scenarios, the principles are the same for 1mbit ... even though you won't benefit that much with such high mtu values 11:14 <@vpnHelper> Title: Gigabit_Networks_Linux – OpenVPN Community (at community.openvpn.net) 11:26 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 240 seconds] 11:29 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 11:32 -!- dazo is now known as dazo_afk 11:41 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 11:51 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 11:56 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Quit: ErichG] 12:00 -!- Kendall [~gjones@ip-216-36-110-194.dsl.lax.megapath.net] has joined #openvpn 12:03 < Kendall> I'm trying to install OpenVPN 2.2.2 client on Windows 7 to connect to existing VPN; I installed openvpn in Compatibility mode for Windows Vista, ran the install program as an Administrator, placed the key and configuration files in C:\program files\openvpn\config. If I set the client.ovpn file to open with openvpn.exe, then all works fine. However, if I use openvpn-gui.exe, in Compatibility Mode and as an Administrator, it does no 12:05 < Kendall> also, are there any plans to improve the support for Windows 7 ? 12:09 < dioz> it does what? 12:15 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 12:17 < krzie> Kendall, your text got cut off 12:17 < krzie> we dunno what your problem was 12:18 < krzie> the config should be .ovpn 12:23 < Kendall> i hate when i do that..sorry.. 12:24 < Kendall> to finish my question: not seem to find the configuration file. The user is the computer Administrator account. What is the magic required to get openvpn-gui working ? 
12:24 < Kendall> The command line program works, just not the GUI program 12:25 -!- axelm7 [~axelm10@186.135.11.123] has quit [Ping timeout: 252 seconds] 12:25 -!- lusis [u2537@gateway/web/irccloud.com/x-haiphigdimzvbise] has quit [Remote host closed the connection] 12:28 -!- lusis [u2537@gateway/web/irccloud.com/x-ulaezkimjiqwpenw] has joined #openvpn 12:31 -!- Kendall [~gjones@ip-216-36-110-194.dsl.lax.megapath.net] has quit [Ping timeout: 240 seconds] 12:41 -!- aegidos_ [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 12:42 -!- axelm7 [~axelm10@186.135.11.123] has joined #openvpn 12:44 -!- aegidos_ is now known as aegidos 12:50 -!- axelm7 [~axelm10@186.135.11.123] has quit [Quit: Leaving] 12:59 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 13:05 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 13:05 -!- scampbell [~scampbell@mail.scampbell.net] has joined #openvpn 13:16 <+EugeneKay> !winshortcut 13:16 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0 13:16 <+EugeneKay> Oh, he's buggered off. 
13:23 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Read error: No route to host] 13:25 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 13:28 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 13:29 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Client Quit] 13:41 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 13:42 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 13:43 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 13:49 -!- haggler [hnbc@pool-108-5-105-250.nwrknj.fios.verizon.net] has joined #openvpn 13:50 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 13:53 < haggler> hey guys. I have a successful connection between my debian box (server) and windows 7 (client) however i am unable to mount any network locations. anyone have any ideas? 13:53 < haggler> i have proper config in /etc/exports and all 13:54 < haggler> i am relatively new to open vpn but not debian/windows. i guess im struggling as to how to debug the issue 13:54 <+EugeneKay> !firewall 13:54 <@vpnHelper> "firewall" is (#1) please see http://openvpn.net/man#lbBD for more info or (#2) see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for brief notes on disabling firewall rulesets. 13:55 < haggler> thank you 14:00 < haggler> sweet i can ping now 14:00 < haggler> thats progress 14:01 < haggler> probably some sort of iptable 14:01 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has joined #openvpn 14:02 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has quit [Changing host] 14:02 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 14:02 < haggler> once i get a successful ping i can just add \\ip\share folder?? 
14:02 < haggler> assuming all i need to do is edit /etc/exports to the proper ip/path 14:02 <@ecrist> no clue 14:02 <@ecrist> /etc/exports is for NFS 14:02 <@ecrist> \\ip\share is samba 14:03 <@ecrist> two totally different things 14:03 < haggler> ya thats probably my problem then 14:03 < haggler> need to use samba not nfs 14:04 <+EugeneKay> That wouuuld cause that issue. 14:04 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 14:06 < haggler> EugeneKay do you have a magic trigger for that ? :) 14:07 < haggler> kidding :) thanks guys 14:34 < haggler> cant any anything to show :( 14:38 -!- CorvetteZR1 [~scratchi@195.34.234.216.sta.connection.ca] has joined #openvpn 14:39 < CorvetteZR1> !welcome 14:39 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 14:39 < CorvetteZR1> !goal 14:39 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 14:42 < CorvetteZR1> Hi. i have an OpenVPN server with cryptodev engine enabled. in the case of windows openvpn clients, is it possible for them to take advantage of the crypto acceleration? as i understand the crypto needs to be enabled on both ends, but there is no cryptodev for it. any advice on how to enable crypto acceleration for road warriors? 14:42 < CorvetteZR1> * for it meaning Windows 14:50 -!- dollabill [~mike@199.44.8.98] has quit [Ping timeout: 252 seconds] 14:56 < haggler> maybe if i be more specific...
i did start \\10.9.8.1 and was prompted with a user/password 14:56 < haggler> im not sure what to use, i tried root pass for testing and it doesnt work :( 15:03 < haggler> did adduser samba, smbpasswd -a samba, and edited smbusers 15:04 < haggler> got it! 15:04 < haggler> cheers 15:06 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 15:13 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Quit: aegidos] 15:17 -!- caemir [~caemir@78.129.43.30] has joined #openvpn 15:17 -!- caemir [~caemir@78.129.43.30] has quit [Changing host] 15:17 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 15:20 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has joined #openvpn 15:27 -!- CorvetteZR1 [~scratchi@195.34.234.216.sta.connection.ca] has quit [Quit: Leaving] 15:34 -!- aegidos [~admin@p54B5A292.dip.t-dialin.net] has quit [Quit: aegidos] 15:54 -!- pierreghz [~pierreghz@cust-204-40-111-94.dyn.as47377.net] has quit [Quit: Quitte] 16:30 <@vpnHelper> RSS Update - forum: Error when importing a config - AUTHRPC_ERRBACK 16:46 -!- jason404 [~jason404@31-222-188-155.static.cloud-ips.co.uk] has joined #openvpn 16:47 < jason404> what sort of openvpn config would I need to connect to an amazon ec2 server?
It seems to have an internal private IP address which is different from its firewalled public IP address 17:05 -!- Denial [Denial@drgi.co.uk] has quit [] 17:13 <@vpnHelper> RSS Update - forum: multicast config 17:15 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Write error: Broken pipe] 17:27 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 17:35 -!- c0smic [~c0smic141@ip72-222-207-98.ph.ph.cox.net] has joined #openvpn 17:36 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 17:53 -!- danielsh [~danielsh@apache/committer/danielsh] has quit [Quit: danielsh] 18:00 -!- c0smic [~c0smic141@ip72-222-207-98.ph.ph.cox.net] has left #openvpn [] 18:35 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 18:44 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 18:56 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 18:59 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 19:02 -!- danielsh [~danielsh@apache/committer/danielsh] has joined #openvpn 19:03 -!- danielsh [~danielsh@apache/committer/danielsh] has left #openvpn [] 19:07 -!- _julian_ [~quassel@hmbg-5f764eef.pool.mediaWays.net] has joined #openvpn 19:08 -!- _julian [~quassel@hmbg-5f77cf29.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 19:59 -!- tjz [~pc@unaffiliated/tjz] has quit [Read error: Connection reset by peer] 20:18 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has joined #openvpn 20:18 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has quit [Changing host] 20:18 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn 21:16 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 21:17 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 21:17 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 21:22 < prg3> all 21:23 <+TJNII> none 21:49 <@vpnHelper> RSS Update - forum: Hope you can find a solution to this :)
22:03 -!- JG84 [~JoeGazz84@TechEssentials/JoeGazz84] has quit [Quit: I have more important things to do than idle here.] 22:16 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 22:17 < hilarie> before I copy and paste all my configs and stuff... is there a config change I should make from the example that tells my computer to actually use the vpn... I show it as connected, and ifconfig shows it exists, but I am not routing traffic over it at all 22:23 < hilarie> server config http://paste.ubuntu.com/795670/ 22:24 < hilarie> client config http://paste.ubuntu.com/795671/ 22:26 < hilarie> I don't know where to find logs :( 22:27 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn 22:33 <+TJNII> hilarie: What host os? 22:33 < hilarie> both ubuntu 11.04 22:33 < hilarie> client ran through sudo, server ran as root 22:33 <+TJNII> hilarie: Look in /var/log/ 22:33 < hilarie> on client, or host? 22:33 <+TJNII> hilarie: Grep the comments out of those configs 22:34 <+TJNII> hilarie: Using the initscript, I assume? 22:34 <+TJNII> !configs 22:34 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 22:34 < hilarie> I don't know how to use the init scripts 22:35 < hilarie> what would it be in /var/log/ there is no openvpn 22:36 < hilarie> got to go( cab driver, have home) 22:40 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds] 22:40 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 22:40 < hilarie> Sorry about that 22:41 <+TJNII> So how are you starting openvpn? 22:42 < hilarie> sudo openvpn --config client.conf 22:42 < hilarie> and on the server openvpn --config server.conf (no need for sudo as its root) 22:42 <+TJNII> Okay 22:43 <+TJNII> Can you please repaste your configs without comments?
22:43 < hilarie> Yeah, 22:45 < hilarie> http://paste.ubuntu.com/795682/ 22:45 < hilarie> client 22:46 <+TJNII> So I believe that should send the logs to syslog. 22:46 <+TJNII> Check in /var/log again. They're likely in /var/log/messages or whatever the Ubuntu equivalent is. 22:46 <+TJNII> I'd use grep to find them 22:48 < hilarie> http://paste.ubuntu.com/795684/ 22:48 < hilarie> server 22:49 <+TJNII> Yea, that should also be sending to syslog. 22:49 <+TJNII> Does ubuntu use rsyslog? 22:49 <+TJNII> I want to say Debian does, but I might be confusing it with Cent 22:50 < hilarie> in /var/log/messages only has Jan 7 04:39:50 hilarie -- MARK -- 22:50 < hilarie> a bunch of that 22:51 <+TJNII> Well, you can add a log line to your configs and give it a file. 22:51 <+TJNII> I try to avoid that as I prefer to use log daemons, but it will get you going 22:51 < hilarie> you're not seeing anything in the config that should be making the tunnel not work? 22:51 <+TJNII> Nothing is jumping out, but I was looking for log options. 22:52 <+TJNII> If you're going to debug, you need logs 22:52 <+TJNII> They'll tell you why the tunnel isn't working 22:52 < hilarie> k, log level 7 right? 22:52 <+TJNII> If you want. I prefer 4 22:53 <+TJNII> Lots of useful info but not per-packet noise 22:53 < hilarie> and uncomment, the log-append? 22:54 <+TJNII> Yes. Give it the filename you want to log to 22:56 < hilarie> http://paste.ubuntu.com/795688/ 22:56 < hilarie> server log 22:57 < hilarie> got another fare, brb 22:58 <+TJNII> Server looks up 22:58 <+TJNII> Try and connect, repaste both she server and client logs 22:58 <+TJNII> s/she/the/ 23:01 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 248 seconds] 23:33 <@vpnHelper> RSS Update - forum: Advice on openvpn deployment || Site to Site problems. 23:37 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has joined #openvpn 23:37 < hilarie> TJNII, you still here?
23:41 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has joined #openvpn 23:42 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has quit [Changing host] 23:42 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 23:44 -!- hilarie [~hilarie@iptv-dhcp-198-157.kpunet.net] has quit [Ping timeout: 240 seconds] --- Day changed Sat Jan 07 2012 00:12 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Ping timeout: 276 seconds] 00:12 -!- Zyclops [~Adium@ec2-176-34-56-205.ap-northeast-1.compute.amazonaws.com] has joined #openvpn 00:12 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 00:13 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 276 seconds] 00:13 -!- Mowee [~Mowi@lendabrain.net] has quit [Ping timeout: 276 seconds] 00:13 -!- Mowi [~Mowi@lendabrain.net] has joined #openvpn 00:13 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 00:14 < Zyclops> hey guys.. i've got a tunnelblick vpn configuration in a .conf file. I'm trying to use openvpn gui in windows 7 to configure the vpn. i've copied the .conf .key and .crt files across but i'm not sure about a couple of the configurations in the .opvn format. 00:14 < Zyclops> 1. is the ipconfig dev tun 00:15 < Zyclops> point-to-point ip link.. does that require configuration on the server? 00:33 -!- Zyclops [~Adium@ec2-176-34-56-205.ap-northeast-1.compute.amazonaws.com] has quit [Quit: Leaving.] 
00:46 <@vpnHelper> RSS Update - forum: Windows 7 Client question 00:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 00:55 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has joined #openvpn 00:59 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has quit [Client Quit] 01:23 -!- scampbell [~scampbell@mail.scampbell.net] has quit [Read error: Connection reset by peer] 01:25 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has joined #openvpn 01:48 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has quit [Quit: aegidos] 01:55 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:34 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:03 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:13 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 03:13 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 03:15 <@vpnHelper> RSS Update - forum: Ubuntu 11.10 TUN help || unable to access openvpnas from Windows Server 2008 || IGMP || Problem connecting Windows 7 to OpenVPN || Windows 7 Client question || Site to Site problems. RSS Update - forum: Site to Site problems. 03:45 <@vpnHelper> RSS Update - forum: OpenVPN routing fails, but only sometimes. 
(windows client) 03:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:51 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:21 -!- master_of_master [~master_of@p57B54F91.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:23 -!- master_of_master [~master_of@p57B5538A.dip.t-dialin.net] has joined #openvpn 04:49 <@vpnHelper> RSS Update - forum: [solved] unable to access openvpnas from Windows Server 2008 05:49 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 05:50 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 05:50 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 05:55 <@vpnHelper> RSS Update - forum: Please Help- Login Window issues on Windows 7 64bit 06:01 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! 06:07 <@vpnHelper> RSS Update - forum: [resolved] WIN XP SP3-Connected but cant ping, WIN 7 works 06:16 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn 06:24 <+EugeneKay> Yawn. 06:26 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!] 
06:30 -!- cpm [~Chip@64.134.242.152] has joined #openvpn 06:30 -!- cpm [~Chip@64.134.242.152] has quit [Changing host] 06:30 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 06:33 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn 06:37 <@vpnHelper> RSS Update - forum: only some traffic : disable push redirect-gateway 06:39 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn 06:41 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm] 06:55 -!- jaminja [~jaminja@85.17.232.145] has joined #openvpn 06:55 -!- jaminja [~jaminja@85.17.232.145] has quit [Changing host] 06:55 -!- jaminja [~jaminja@unaffiliated/jaminja] has joined #openvpn 07:12 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 07:33 -!- zeshooem [~zee@108.162.156.93] has joined #openvpn 07:36 -!- zeshoem [~zee@bas1-toronto46-1177856379.dsl.bell.ca] has quit [Ping timeout: 255 seconds] 07:45 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 08:01 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 08:22 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 08:25 -!- Netsplit *.net <-> *.split quits: Deathvalley122, prg3, @cron2, tabakhase 08:25 -!- Netsplit over, joins: @cron2, prg3, tabakhase, Deathvalley122 08:27 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 08:29 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 08:30 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 08:32 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 08:34 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 09:11 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
09:15 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 09:24 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 09:25 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 09:28 -!- mikkel [~mikkel@80-71-132-15.u.parknet.dk] has joined #openvpn 09:30 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 09:32 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 09:32 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 09:32 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has joined #openvpn 09:34 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Client Quit] 09:34 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 09:35 -!- iDiytto [~diytto@96.18.141.120] has joined #openvpn 09:36 -!- iDiytto [~diytto@96.18.141.120] has left #openvpn [] 09:48 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 09:49 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
09:54 <@vpnHelper> RSS Update - forum: Please Help- Login Window issues on Windows 7 64bit 10:07 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Read error: Connection reset by peer] 10:08 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 10:08 <+havoc> I should lab up my TUN conversion today 10:34 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn 10:42 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 10:50 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 10:56 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 10:59 -!- jaminja [~jaminja@unaffiliated/jaminja] has quit [Ping timeout: 276 seconds] 11:06 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Ping timeout: 240 seconds] 11:07 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 11:15 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 11:16 -!- aegidos [~admin@p54B5AF73.dip.t-dialin.net] has quit [Quit: aegidos] 11:16 -!- jaminja [~jaminja@unaffiliated/jaminja] has joined #openvpn 11:18 <@vpnHelper> RSS Update - forum: Newbee Help Please 11:24 <@vpnHelper> RSS Update - forum: [resolved] unable to access openvpnas from Win Server 2008 11:25 -!- jaminja [~jaminja@unaffiliated/jaminja] has quit [Ping timeout: 240 seconds] 11:30 <@vpnHelper> RSS Update - forum: [resolved] Layer 2 bridging not working || [resolved] Subnet Conflicts 11:30 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!] 
11:34 -!- jaminja [~jaminja@85.17.232.145] has joined #openvpn 11:34 -!- jaminja [~jaminja@85.17.232.145] has quit [Changing host] 11:34 -!- jaminja [~jaminja@unaffiliated/jaminja] has joined #openvpn 11:36 <@vpnHelper> RSS Update - forum: web-Access via OpenVPN || WHS as internet gateway with Open VPN anonymisation service 11:40 < haggler> is there anyway to have 2 connections established at once without getting All TAP-Win32 adapters on this system are currently in use? 11:41 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 11:42 <@vpnHelper> RSS Update - forum: Date-Time stamp in log name || I Need Auto-reconnect when it drops connection || please help me 11:45 -!- MrWGW [MrWGW@74.124.192.8] has quit [Ping timeout: 240 seconds] 11:46 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has joined #openvpn 11:48 <@vpnHelper> RSS Update - forum: Assign Public Class C to client1 || automatic reconnect potable openvpn || openvpn connects with no traffic on win 7 64bit 11:54 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL || Help Creating a Configuration File || [resolved] download speed is VERY SLOW 12:00 <@vpnHelper> RSS Update - forum: unable redirect default gateway || openvpn connects with no traffic on win 7 64bit 12:06 <@vpnHelper> RSS Update - forum: Setup on server connected directly to WAN. || Disconnected after inactivity 12:12 <@vpnHelper> RSS Update - forum: TLS negotiation failed with UDP 12:18 <@vpnHelper> RSS Update - forum: Multiple Server Ports Problem 12:24 <@vpnHelper> RSS Update - forum: Http Proxy .. How to? 
12:30 <@vpnHelper> RSS Update - forum: Bridging on Windows Server 2008 R2 12:36 <@vpnHelper> RSS Update - forum: OpenVPN with Google authenticator like 2FA (windows client) || Down script to fix route issue 12:48 <@vpnHelper> RSS Update - forum: breaking up Class C into four subnets || openvpn and source based routing || [resolved] Multiple clients on OpenVPN - Routing Issue 12:54 <@vpnHelper> RSS Update - forum: multicast config || [Help] Problem To Connect to the Server 12:55 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 12:55 -!- pierreghz [~pierreghz@cust-254-120-111-94.dyn.as47377.net] has joined #openvpn 12:56 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Client Quit] 13:00 <@vpnHelper> RSS Update - forum: Wrong routes set to the client || possible ways to establish ddns updates for openvpn clients 13:03 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 13:06 <@vpnHelper> RSS Update - forum: only some traffic : disable push redirect-gateway 13:12 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
13:15 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 13:15 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Client Quit] 13:18 <@vpnHelper> RSS Update - forum: OpenVPN and RRAS working together 13:24 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 255 seconds] 13:30 -!- sia^pwnnt [115kluu@owned.ninjasinpyjamas.biz] has quit [Read error: Operation timed out] 13:36 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 13:36 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 13:41 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- The professional IRC Client :D] 13:41 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 13:45 -!- sia^pwnnt [115kluu@owned.ninjasinpyjamas.biz] has joined #openvpn 13:49 <+EugeneKay> RSS update - pants: EugeneKay is wearing them 13:49 <@vpnHelper> Title: Eugene Kashpureff Home Live Camera ! (at kashpureff.org) 14:02 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 14:11 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 14:13 -!- Kurdo [~Kurdo@46.53.23.160] has joined #openvpn 14:20 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 14:27 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 14:31 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 14:33 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 14:33 -!- rkantos [~robin2@109.169.55.199] has joined #openvpn 14:35 -!- Kurdo [~Kurdo@46.53.23.160] has quit [Quit: ChatZilla 0.9.88 [Firefox 9.0.1/20111220165912]] 14:47 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has quit [Read error: Connection reset by peer] 14:48 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 14:48 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has joined #openvpn 14:54 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. 
Hope you can! 15:15 -!- skynet-1000 [~skynet-10@unaffiliated/skynet2000] has joined #openvpn 15:24 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! 15:30 <@vpnHelper> RSS Update - forum: automatic reconnect potable openvpn 15:34 -!- zeshoem [~zee@108.162.156.93] has joined #openvpn 15:35 -!- zeshooem [~zee@108.162.156.93] has quit [Read error: Connection reset by peer] 15:36 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! || Windows 7 as OpenVPN server with redirect-gateway 15:48 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! 16:00 <@vpnHelper> RSS Update - forum: Can't find the solution to this anywere. Hope you can! || Port Forwarding by SQL 16:04 -!- corretico [~luis@190.211.93.11] has joined #openvpn 16:29 < haggler> is there anyway to have 2 connections established at once without getting All TAP-Win32 adapters on this system are currently in use? 16:29 -!- skynet-1000 [~skynet-10@unaffiliated/skynet2000] has quit [Quit: Leaving] 16:30 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 16:30 <@vpnHelper> RSS Update - forum: Newbee Help Please 16:32 -!- pierreghz [~pierreghz@cust-254-120-111-94.dyn.as47377.net] has quit [Quit: Quitte] 16:46 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 16:47 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 17:02 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 17:04 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
17:04 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 17:19 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 17:25 <@vpnHelper> RSS Update - forum: Error when importing a config - AUTHRPC_ERRBACK 17:42 -!- rkantos [~robin2@109.169.55.199] has quit [Read error: Connection reset by peer] 17:47 -!- rkantos [~robin2@109.169.55.199] has joined #openvpn 17:48 <+EugeneKay> haggler - there should be a shortcut in the OpenVPN program group to add a second adapter 17:50 <+EugeneKay> You need to have one tun/tap adapter per openvpn process. *nix handles this dynamically, but Windows is.... windowsy. 17:51 -!- mikkel [~mikkel@80-71-132-15.u.parknet.dk] has quit [Quit: Leaving] 17:53 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 240 seconds] 17:56 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 18:03 -!- zeshoem [~zee@108.162.156.93] has quit [Read error: Connection reset by peer] 18:05 -!- zeshoem [~zee@108.162.156.93] has joined #openvpn 18:06 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 18:11 <@vpnHelper> RSS Update - forum: OpenVPN and Android/Windows Client -- No IP Address 18:14 -!- Denial [Denial@drgi.co.uk] has quit [] 18:15 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Ping timeout: 255 seconds] 18:18 -!- zeshoem [~zee@108.162.156.93] has quit [Read error: Connection reset by peer] 18:20 -!- zeshoem [~zee@108.162.156.93] has joined #openvpn 18:24 -!- zeshoem [~zee@108.162.156.93] has quit [Read error: Connection reset by peer] 18:26 -!- zeshoem [~zee@108.162.156.93] has joined #openvpn 18:40 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 
18:41 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Operation timed out] 18:41 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 18:43 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 19:04 -!- _julian [~quassel@hmbg-5f765dcb.pool.mediaWays.net] has joined #openvpn 19:07 -!- _julian_ [~quassel@hmbg-5f764eef.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:35 <@vpnHelper> RSS Update - forum: Need routing help with ZyXEL USG router 19:58 -!- jaminja [~jaminja@unaffiliated/jaminja] has quit [Quit: Lost terminal] 19:58 -!- jaminja [~jaminja@unaffiliated/jaminja] has joined #openvpn 19:58 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access 20:16 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has quit [Read error: Connection reset by peer] 20:17 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has joined #openvpn 20:21 -!- mirco [~mirco@p57ACCD09.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 20:43 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Ping timeout: 260 seconds] 20:57 <@vpnHelper> RSS Update - forum: I Need Auto-reconnect when it drops connection 21:26 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has joined #openvpn 21:26 -!- simplechat [~simplecha@123-243-79-139.static.tpgi.com.au] has quit [Changing host] 21:26 -!- simplechat [~simplecha@unaffiliated/simplechat] has joined #openvpn 21:38 -!- lusis [u2537@gateway/web/irccloud.com/x-ulaezkimjiqwpenw] has quit [Remote host closed the connection] 21:38 -!- evilhackerdude [u1451@gateway/web/irccloud.com/x-zuzroifaycuiqqus] has quit [Remote host closed the connection] 22:21 <@vpnHelper> RSS Update - forum: Site to Site problems. 
22:29 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 23:09 <@vpnHelper> RSS Update - forum: Newbee Help Please 23:28 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:30 -!- zeshoem [~zee@108.162.156.93] has quit [] 23:39 -!- corretico [~luis@190.211.93.11] has quit [Remote host closed the connection] 23:42 -!- corretico [~luis@190.211.93.11] has joined #openvpn 23:42 -!- Zyclops [~Adium@111.174.238.54] has joined #openvpn 23:43 -!- Zyclops [~Adium@111.174.238.54] has left #openvpn [] --- Day changed Sun Jan 08 2012 00:00 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 00:00 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Quit: Coyote finally caught me] 00:00 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 00:01 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 00:38 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 00:55 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 01:08 <@vpnHelper> RSS Update - forum: OpenVPN connection point-to-point 01:28 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 01:30 -!- jaminja [~jaminja@unaffiliated/jaminja] has quit [Ping timeout: 240 seconds] 01:45 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 01:50 <@vpnHelper> RSS Update - forum: Installing OpenVPn on MAC 10.6 01:52 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 01:52 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Client Quit] 01:56 <@vpnHelper> RSS Update - forum: OpenVPN is connected but does not work 02:03 -!- Cr4zi3 [killaz@staff.xbins.org] has quit [Ping timeout: 248 seconds] 02:03 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn 02:08 <@vpnHelper> RSS Update - forum: Site to Site problems. 
02:14 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 02:20 <@vpnHelper> RSS Update - forum: OpenVPN is connected but does not work 02:26 -!- simplechat [~simplecha@unaffiliated/simplechat] has quit [Remote host closed the connection] 02:32 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access 02:59 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 03:00 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 03:17 -!- pk__ [~root@14.139.59.2] has joined #openvpn 03:18 <@vpnHelper> RSS Update - forum: Can´t connect to VPN 03:18 < pk__> my vpn provider gave me ca.crt client.conf files and a login password 03:19 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Ping timeout: 600 seconds] 03:20 < pk__> but every time i start my computer i need to enter the id and password manually..is there any way so that i can write these login credentials in a file and openvpn automatically takes these 03:31 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn 03:36 -!- pk__ [~root@14.139.59.2] has left #openvpn [] 03:53 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has joined #openvpn 04:00 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 04:02 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 04:02 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 04:07 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 04:18 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds] 04:19 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 04:21 -!- master_of_master [~master_of@p57B5538A.dip.t-dialin.net] has quit [Ping timeout: 255 seconds] 04:23 -!- master_of_master [~master_of@p57B544DA.dip.t-dialin.net] has joined #openvpn 04:24 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 05:00 <@vpnHelper> RSS Update - forum:
Multiple Server Ports Problem 05:01 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 05:03 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 05:03 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 05:06 <@vpnHelper> RSS Update - forum: OpenVPN Elliptic Curves (SHA512, ECDSA, ECDH, Linux, Debian) 05:08 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 05:20 -!- `Ile` [~kvirc@178.222.141.204] has joined #openvpn 05:21 -!- `Ile` [~kvirc@178.222.141.204] has quit [Client Quit] 05:25 -!- Rene1 [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 05:36 <@vpnHelper> RSS Update - forum: Using web hosting account for VPN tunnel 05:48 <@vpnHelper> RSS Update - forum: I Can't Send PM 06:27 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 06:30 <@vpnHelper> RSS Update - forum: Port Forwarding by SQL 06:54 -!- catsup [~d@ps38852.dreamhost.com] has quit [Remote host closed the connection] 06:54 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn 08:15 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Ping timeout: 612 seconds] 08:17 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 08:21 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Connection reset by peer] 08:30 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 08:32 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn 08:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 276 seconds] 08:35 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 08:42 <@vpnHelper> RSS Update - forum: push "dhcp-option DNS ....." 
question 08:48 <@vpnHelper> RSS Update - forum: Routing Problem 08:56 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Connection reset by peer] 09:01 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 09:01 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has joined #openvpn 09:01 -!- Gravitron [~admin@cpe-76-92-159-145.kc.res.rr.com] has quit [Changing host] 09:01 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 09:01 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 09:02 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Connection reset by peer] 09:07 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 09:12 -!- Rene1 [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 09:37 < dioz> i have it setup in debian this way-- client-cert-not-required, username-as-common-name 09:37 < dioz> so i don't need certs 09:38 < dioz> Options error: --client-cert-not-required must be used with --management-client-auth, an --auth-user-pass-verify script, or plugin <-- this is the error i get in freebsd 09:42 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 09:46 < dioz> nvm, i'm high 10:01 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 10:05 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 10:06 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 10:07 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 10:38 -!- brummel444 [~chatzilla@p5DDE7794.dip.t-dialin.net] has joined #openvpn 10:41 < brummel444> hi. i set up openvpn in bridge-mode. i can dial in with my client (iphone) and get an ip address of my local subnet, but the client cant be pinged or connect anywhere. what can i look at to locate the problem? 
10:49 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 10:50 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 10:50 -!- tekzilla [~jon@hmbg-5f767659.pool.mediaWays.net] has joined #openvpn 10:53 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 11:07 < brummel444> hi. i set up openvpn in bridge-mode. i can dial in with my client (iphone) and get an ip address of my local subnet, but the client cant be pinged or connect anywhere. what can i look at to locate the problem? 11:07 < brummel444> i cant even see a connection attempt in wireshark 11:09 < brummel444> the client has the correct ip gateway.. also connecting to the servers webserver isnt possible, iptables is configured to allow all input traffic from br and tap device 11:27 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has quit [Remote host closed the connection] 11:28 -!- SOG [~SOG@168.70.16.99] has joined #openvpn 11:31 < krzie> why are you bridging? 11:31 < krzie> also, are you sure iphone can do tap mode? i think it can not 11:31 < krzie> since it can only do tun via tunemu 11:42 < brummel444> i want to access data on my local network. hm.. thats possible. ill try another client. 11:46 < brummel444> no, tap should work, i looked it up 11:50 < krzie> you dont need tap for that 11:50 < krzie> !route 11:50 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 11:51 < krzie> but ya i see they did add tap to tunemu 11:59 < brummel444> i need the client to be in the same subnet like the local lan clients. im using plex media server. i can connect via wifi, but not via vpn (routing), dont know why, i guess the app allows only connections from the same subnet. so i need the client to act like physically connected to the same subnet. 
12:00 < brummel444> it also didnt work using xl2tp/ipsec. thats why i conclude that i need a layer2 vpn. 12:02 < krzie> did it "not work" because your routing wasnt setup correctly...? 12:02 < krzie> since that doesnt just magically work... 12:02 -!- bergle [~bergle@c-68-63-42-110.hsd1.fl.comcast.net] has joined #openvpn 12:02 < krzie> you would need routes setup on the clients and ip forwarding on the server 12:04 < brummel444> i think i set that up correctly, since i could connect to the internet, the plex webinterfaces of the server. but i think on xl2tp/ipsec mdns doesnt get through the vpn.. perhaps thats why this configuration didnt work. 12:05 < brummel444> when i tried openvpn in routing mode, i could connect using a third-party app.. but not with the original ios plex client. so i think its just testing for same subnet 12:06 < krzie> ok maybe it uses some l2 then 12:06 < brummel444> l2? 12:06 < krzie> layer2 12:07 < krzie> the machine you need layer2 to is the server or a machine behind the server? 12:07 < brummel444> its the server 12:07 < krzie> try tap without bridge 12:07 < krzie> a normal routed tap 12:07 < brummel444> then i have different subnets 12:07 < krzie> i highly doubt it gives a damn 12:08 < krzie> and you dont need a bridge to have layer2 12:08 < brummel444> i did try that before, with a third party app it worked like that 12:08 < krzie> you would if it was a machine behind the server (on its lan) 12:08 < krzie> what you're assuming is happening makes no sense 12:08 < brummel444> but i think i need a bridge to get the clients to the same subnet right? 12:08 < krzie> what app are you using? 
12:08 < krzie> the same subnet thing makes no sense at all 12:09 < brummel444> the plex app 12:09 < krzie> needing layer2 would make sense 12:09 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 240 seconds] 12:10 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 12:12 < krzie> hah it really is that way 12:12 < krzie> hilarious 12:12 < brummel444> ? how did you find out? 12:12 < krzie> umm, google 12:12 < krzie> plex app iphone subnet vpn 12:12 < krzie> http://forums.plexapp.com/index.php/topic/35371-clients-cannot-connect-from-remote-network/ 12:12 <@vpnHelper> Title: Clients cannot connect from remote network - Plex Forums (at forums.plexapp.com) 12:12 < brummel444> they want to sell their myplex shit 12:13 < brummel444> so what i need is layer2 vpn bridge, then it just has to work 12:14 < krzie> looks like it, thats terribly done by them 12:14 < krzie> elan October 31st, 2011 11:00 am 12:14 < krzie> @Daniel: that too is a known issue, I didn't post it because I believe a minority of people run VPNs, and the post was long enough as it was It's on the list and we'll fix it. 12:15 < krzie> http://elan.plexapp.com/2011/10/31/state-of-the-release-2/ 12:15 <@vpnHelper> Title: Plex » State of the release (at elan.plexapp.com) 12:15 < krzie> ArcSissy November 29th, 2011 5:23 am 12:15 < krzie> Please reinstate a login/pass model (token-free) version of Plex server en -App. 12:15 < krzie> I am using VPN to enter my personal Plex server over a additional subnet (VPN only) and therefore Plex Server is not available anymore. 12:15 < krzie> The older version rocked - but I'm on the break of departing with Plex due to the new traffic warden situation. 12:15 < krzie> Please revert! 
12:15 < krzie> ArcSissy 12:19 < brummel444> in my opinion they want to collect lots of user data 12:19 < krzie> the same subnet thing doesnt add to that 12:20 < brummel444> users will use myplex 12:20 < brummel444> and not a vpn 12:20 < krzie> sux for them 12:29 <@vpnHelper> RSS Update - forum: OpenVPN and Android/Windows Client -- No IP Address 12:59 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 13:05 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 13:07 -!- Rene [~Adium@cs181081047.pp.htv.fi] has quit [Quit: Leaving.] 13:08 -!- Rene [~Adium@cs181081047.pp.htv.fi] has joined #openvpn 13:23 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has joined #openvpn 13:27 < SviMik> hi all. I have a strange routing problem on client side (windows XP). I use redirect-gateway. after connecting everything works, but new route records are disappearing after minute or two 13:28 < SviMik> VPN connection continue working, I can ping local addresses in VPN network. No messages in client nor server log. 13:30 -!- Rene [~Adium@cs181081047.pp.htv.fi] has left #openvpn [] 13:31 < SviMik> routes "0.0.0.0 128.0.0.0 10.116.192.1" and "128.0.0.0 128.0.0.0 10.116.192.1" just magically disappear with no reason... 13:34 < Olipro> SviMik: it's never magic 13:35 < Olipro> something is removing them 13:35 < SviMik> but if not openvpn, then who? it is clear windows installation, there is no software except openvpn 13:37 < Olipro> are you running openvpn with verbose logging? 13:38 < Olipro> if openvpn is doing it, it'll tell you 13:38 < SviMik> verb 4 13:38 < Olipro> are you using tun or tap 13:38 < SviMik> tap 13:38 < Olipro> on both ends right? 
13:38 < SviMik> yes 13:39 < Olipro> I can think of the possibility that windows thinks 10.116.192.1 has become unreachable and is thus invalidating the route 13:39 < Olipro> which may actually be happening if it stops responding to ARP 13:39 < SviMik> but I can ping 10.116.192.1 after the route is removed 13:39 < Olipro> then check the openvpn log 13:40 < SviMik> nothing in log. last line is: Initialization Sequence Completed 13:43 < Olipro> ok, and on the physical and tunneled networks, are you running DHCP or anything along those lines 13:43 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 13:44 < SviMik> I found something. it happens only if I use Reconnect button in GUI 13:45 < SviMik> if I disconnect, wait some time, and then connect back - anything is ok 13:45 < Olipro> that sounds to me like the route is getting removed on disconnect, but isn't being re-added 13:53 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 13:55 < SviMik> Olipro why then routes are existing after reconnection? 13:55 < SviMik> and they disappear only after a minute 13:56 < Olipro> hm, that is interesting, I wonder if it's a race condition 13:56 < Olipro> if the GUI tells the existing process to exit without waiting for it to actually exit, that would make sense 13:56 < Olipro> although that seems like a long teardown time 13:58 < krzie> sounds like a bug for the trac 13:58 < krzie> !trac 13:58 <@vpnHelper> "trac" is (#1) see https://community.openvpn.net for development information and bug tracker. or (#2) if you have a forum login, use that for trac, its the same database. 13:59 < SviMik> I think it waits, because I see termination messages in log, and only then new process messages 14:02 < SviMik> krzie I'm even not sure how to reproduce it. 
14:02 < krzie> oh 14:04 -!- brummel444 [~chatzilla@p5DDE7794.dip.t-dialin.net] has quit [Quit: ChatZilla 0.9.87 [Firefox 9.0.1/20111220165912]] 14:06 < SviMik> ok, I can write "click on the Reconnect button on Windows XP". but it looks silly. if this button really have a stable bug, it should be found already 14:07 < krzie> well if you cant reproduce it im quick to blame windows 14:07 < krzie> if you can, which i thought you could when i mentioned trac, then you have a bug ;] 14:08 < krzie> brb from krzee 14:08 < SviMik> but obviously a pause could be added there. it is playing with routes very fast, maybe causing some bugs in windows 14:10 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 14:13 <@vpnHelper> RSS Update - forum: Http Proxy .. How to? 14:13 < SviMik> yes, I can reproduce it. 14:16 < SviMik> bug "works" in xp sp2 and xp sp3, with any vpn server 14:29 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 14:35 < krzee> there ya go then! =] 14:36 < SviMik> ok, here is my story. http://svimik.com/ovpn_reconnect_bug.txt 14:36 < SviMik> maybe I post it later to trac 14:51 -!- BRkSYs [~t7DS@187.127.194.65] has joined #openvpn 14:55 <@vpnHelper> RSS Update - forum: VPN connection lost in seconds 15:07 <@vpnHelper> RSS Update - forum: Any OpenSolaris "dladm create-iptun" support for OpenVPN? 15:10 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 
15:13 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 15:25 <@vpnHelper> RSS Update - forum: TCP Out of Order Problem 15:29 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 15:32 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 15:43 <@vpnHelper> RSS Update - forum: Routing LANs connected to VPN Server/client (default gw) 15:44 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Read error: Connection reset by peer] 15:45 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 15:49 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access 15:56 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 15:57 -!- sia^pwnnt [115kluu@owned.ninjasinpyjamas.biz] has quit [Ping timeout: 240 seconds] 15:59 -!- BRkSYs [~t7DS@187.127.194.65] has left #openvpn [] 16:00 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 16:19 <@vpnHelper> RSS Update - forum: openvpn and source based routing 16:31 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access 16:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 16:33 -!- sia^pwnnt [8440frag@owned.ninjasinpyjamas.biz] has joined #openvpn 16:40 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Quit: I love my HydraIRC -> http://www.hydrairc.com <-] 16:41 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 16:44 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 16:46 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has quit [Ping timeout: 252 seconds] 17:12 -!- voidzero [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 17:16 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 17:16 -!- voidzero is now known as vocis 17:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 17:44 -!- ovid 
[~ovid@unaffiliated/ovid] has joined #openvpn 17:45 -!- voidzero [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 17:48 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 17:48 -!- voidzero is now known as vocis 18:08 <@vpnHelper> RSS Update - forum: Newbee Help Please 18:42 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has joined #openvpn 18:55 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has quit [Quit: pIRC v2.2 < Personal IRC Team > http://ircworld.ru and http://xirc.ru/] 19:00 -!- bergle [~bergle@c-68-63-42-110.hsd1.fl.comcast.net] has quit [Remote host closed the connection] 19:03 -!- _julian_ [~quassel@hmbg-4d06e74b.pool.mediaWays.net] has joined #openvpn 19:07 -!- _julian [~quassel@hmbg-5f765dcb.pool.mediaWays.net] has quit [Ping timeout: 276 seconds] 19:15 -!- tekzilla [~jon@hmbg-5f767659.pool.mediaWays.net] has quit [Ping timeout: 276 seconds] 19:17 -!- tekzilla [~jon@hmbg-5f7604b5.pool.mediaWays.net] has joined #openvpn 19:20 -!- jason404 [~jason404@31-222-188-155.static.cloud-ips.co.uk] has left #openvpn [] 19:24 -!- DrArcheh [~drarcheh@unaffiliated/drarcheh] has joined #openvpn 19:25 < DrArcheh> I'm trying to connect two hosts in point-to-point mode, both hosts have server certificate though. It seems that the tls-server only accepts client certificate for the remote peer 19:26 < DrArcheh> is there a way to change that? "remote-cert-tls server" doesn't seem to help 19:27 < krzee> in point-to-point mode, there are no certs 19:27 < krzee> just a static key 19:27 < krzee> !ptp 19:27 < krzee> erm 19:27 < krzee> !p2p 19:27 < krzee> !secret 19:27 <@vpnHelper> "secret" is funny that people use free programs, consult free help for them, run a business with them, but are restricted to say what they do. 
19:27 < krzee> lol wrong secret 19:27 < DrArcheh> ah ok, i was using psk+certs 19:27 < DrArcheh> heh 19:28 < krzee> ya, ptp is just psk 19:28 < krzee> !forwardsecurity 19:28 < DrArcheh> is it actually ok to use psk+certs for client-server setups? or doesn't that make sense? 19:28 <@vpnHelper> "forwardsecurity" is (#1) in server/client mode with certs your key renegotiates (changes) every hour (by default), so if someone captures your traffic, and then gets your key, they can only decrypt the traffic within the timeframe since last renegotiation or (#2) in ptp mode (static key) you do not have this, so if someone gets your key they can decrypt ANY past traffic that they captured 19:28 < krzee> client/server uses pki, no psk 19:28 < krzee> basically, you never use both together 19:29 -!- Denial [Denial@drgi.co.uk] has quit [] 19:29 < DrArcheh> i figured using psk next to pki would stop the server from responding to random scans 19:30 < DrArcheh> but thanks :) 19:46 < krzee> oh 19:46 < krzee> !hmac 19:46 <@vpnHelper> "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. or (#2) openvpn --genkey --secret ta.key to make the tls static key 19:46 <@vpnHelper> , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs 19:47 < krzee> thats what you were looking for 19:47 < krzee> it is a psk of sorts 19:47 < krzee> just you use it with --tls-auth instead of --secret 19:47 < krzee> and we call it hmac signature instead of psk ;] 19:48 < krzee> but ya, you are right =] 19:50 <@vpnHelper> RSS Update - forum: Openvpn config to allow IGMP traffic? 
20:21 -!- skynet-2000 is now known as darkconer 20:22 -!- darkconer is now known as skynet-2000 20:22 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 21:10 <+EugeneKay> !noroot 21:10 <@vpnHelper> "noroot" is See !unpriv for a writeup by EugeneKay 21:10 <+EugeneKay> !unpriv 21:10 <@vpnHelper> "unpriv" is see https://community.openvpn.net/openvpn/wiki/UnprivilegedUser for a write-up by EugeneKay on how to run OpenVPN without root/admin permissions. 21:10 < krzee> hey awesome! 21:13 <+EugeneKay> Mrh? 21:13 <@vpnHelper> RSS Update - forum: user-auth-verify Win7 write error 21:24 <+EugeneKay> Yay, my own guide came in handy. 21:25 -!- danielsh [~danielsh@apache/committer/danielsh] has joined #openvpn 21:25 -!- danielsh [~danielsh@apache/committer/danielsh] has left #openvpn [] 21:45 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 21:46 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 21:56 <@vpnHelper> RSS Update - forum: how can we improve SEO on sites 22:02 <@vpnHelper> RSS Update - forum: I Can't Send PM || OpenVPN Setup help (HIRE) 22:38 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds] 22:47 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 23:40 <@vpnHelper> RSS Update - forum: VPN connection lost in seconds 23:51 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn --- Day changed Mon Jan 09 2012 00:01 -!- skynet2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 00:18 <@vpnHelper> RSS Update - forum: Newbee Help Please 00:30 <@vpnHelper> RSS Update - forum: Openvpn config to allow IGMP traffic? 
00:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 00:38 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 00:41 -!- GHAI_ [~joti@cthulhu-isp.net] has joined #openvpn 00:42 -!- Olipro_ [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn 00:44 -!- Mimiko [~mimiko@77.89.245.38] has joined #openvpn 00:46 -!- Xymski [~Zimsky@rozznet.net] has joined #openvpn 00:46 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has quit [Ping timeout: 240 seconds] 00:46 -!- Netsplit *.net <-> *.split quits: kloeri, +fremo, agagag, bragon, caemir, Zimsky, TypoNe, +GHAI 00:46 -!- Olipro_ is now known as Olipro 00:47 -!- Netsplit over, joins: agagag 00:49 -!- caemir [~caemir@78.129.43.30] has joined #openvpn 00:49 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn 00:49 -!- bragon [~Alexandre@81.93.247.165] has joined #openvpn 00:49 -!- TypoNe [~itsme@195.197.184.87] has joined #openvpn 00:49 -!- fremo [~fremo@noc.toile-libre.net] has joined #openvpn 00:49 -!- ServerMode/#openvpn [+v fremo] by hitchcock.freenode.net 00:51 -!- caemir [~caemir@78.129.43.30] has quit [Changing host] 00:51 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 00:54 -!- lusis [u2537@gateway/web/irccloud.com/x-ashkfjvhklwyetwa] has joined #openvpn 01:16 <@vpnHelper> RSS Update - forum: [HELP] TAP-win32 adapter V9 Access Denied 01:29 -!- Mimiko [~mimiko@77.89.245.38] has quit [] 01:34 <@vpnHelper> RSS Update - forum: Http Proxy .. How to? || Openvpn config to allow IGMP traffic? 
01:39 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has quit [Ping timeout: 252 seconds] 01:40 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has joined #openvpn 01:40 <@vpnHelper> RSS Update - forum: Routing LANs connected to VPN Server/client (default gw) || Advice on openvpn deployment 01:46 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access || Routing Problem 01:52 <@vpnHelper> RSS Update - forum: user-auth-verify Win7 write error 01:58 <@vpnHelper> RSS Update - forum: GetAdaptersInfo #2 failed 02:04 <@vpnHelper> RSS Update - forum: Routing LANs connected to VPN Server/client (default gw) || openvpn and source based routing 02:08 -!- dazo_afk is now known as dazo 02:10 <@vpnHelper> RSS Update - forum: [HELP] TAP-win32 adapter V9 Access Denied 02:24 -!- SOG [~SOG@168.70.16.99] has quit [Ping timeout: 248 seconds] 02:26 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has joined #openvpn 02:26 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has quit [Remote host closed the connection] 02:27 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 02:28 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 02:28 <@vpnHelper> RSS Update - forum: Want to establish VPN in a Organization Pease Help 02:32 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:53 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 02:55 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 02:58 <@vpnHelper> RSS Update - forum: Weird routing problem 03:03 -!- mape2k [~mape2k@2001:6f8:997:1000:221:86ff:fe98:93a2] has joined #openvpn 03:16 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 03:30 -!- chantra [~chantra@unaffiliated/chantra] has quit [Read error: Operation timed out] 03:33 -!- chantra [~chantra@unaffiliated/chantra] has joined #openvpn 03:40 <@vpnHelper> RSS Update - forum: ufw blocking connections 03:42 -!- caemir 
[~caemir@unaffiliated/caemir] has quit [Excess Flood] 03:47 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 03:53 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 04:08 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds] 04:21 -!- master_of_master [~master_of@p57B544DA.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 04:23 -!- master_of_master [~master_of@p57B55C85.dip.t-dialin.net] has joined #openvpn 04:29 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 268 seconds] 04:32 -!- rob0 [rob0@pdpc/valentine/postfixninja/rob0] has joined #openvpn 04:32 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 04:32 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 04:32 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:32 < rob0> !syslog 04:33 < rob0> I don't see in the man page where it is possible to change the syslog facility when in --daemon mode. Is it? 04:37 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 04:40 -!- bolovanos [~bb@38.213.broadband7.iol.cz] has joined #openvpn 04:40 < bolovanos> hi 04:40 -!- zux [~zux@195.13.186.54] has joined #openvpn 04:41 < bolovanos> win7 64bit, OpenVPN GUI v1.0.3 04:41 < bolovanos> I have problem to rewrite my old pem file with new one i got. it is caused by writing privileges on config directory. 04:41 < bolovanos> is there any possible way to tell to VPN that my actual pem file is somewhere else than in config directory. I have tried to reedit .config file, but it says that backslashes are not allowed. 04:41 < rob0> dazo, http://openvpn.net/archive/openvpn-devel/2005-01/msg00033.html ... 7 years ago, was this implemented? 
04:41 <@vpnHelper> Title: [Openvpn-devel] syslog facility config choice (at openvpn.net) 04:41 < zux> looks like there was no answer 04:44 <@vpnHelper> RSS Update - forum: I Can't Send PM 04:45 <@dazo> rob0: yes, that's implemented ... has been in the source tree at least since the BETA21 days (2005) 04:45 <@dazo> rob0: but it's a compile time configuration 04:46 < rob0> I still don't see it in the man ... ah 04:46 < rob0> would be nice to be able to set that at run time :) 04:46 <@dazo> well, yeah ... not a high priority thing, but doable .... file a Trac ticket, and we won't forget it :) 04:47 < rob0> zux, --> job for you :) 04:48 < rob0> I might, if I get around to it. 04:48 < rob0> dazo, thanks. 04:49 < rob0> if I do it I'll include a man page patch 04:49 <@dazo> rob0: that'd be wonderful! 04:50 < zux> rob0, that would be just great :) 04:55 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 04:58 < zux> https://community.openvpn.net/openvpn/ticket/188 04:58 <@vpnHelper> Title: #188 (syslog facility config should be set in config file) – OpenVPN Community (at community.openvpn.net) 05:02 < rob0> okay, I'll try to remember to do a man page patch 05:06 < zux> and i'll just wait with my syslog needs :) 05:09 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 05:13 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has quit [Quit: ZNC - http://znc.in] 05:14 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 05:19 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 05:20 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 05:31 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has joined #openvpn 05:33 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 05:34 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 05:42 <@vpnHelper> RSS Update - forum: [HELP] TAP-win32 adapter V9 Access 
Denied 05:46 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has joined #openvpn 05:49 -!- Ehaa86 [~eivind@gore.copyleft.no] has joined #openvpn 05:51 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Remote host closed the connection] 05:56 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has joined #openvpn 05:56 < Ciph> !welcome 05:56 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 05:56 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm] 05:57 < Ciph> !configs 05:57 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 05:58 < Ciph> hi im having a issue using openvpn with openwrt, im getting read UDPv4: Connection reset by peer (WSAECONNRESET) (code=10054) 05:59 < Ciph> i have followed this guide, opened up port etc http://wiki.openwrt.org/inbox/vpn.howto 06:01 < hyper_ch> !howto 06:01 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 06:06 <@vpnHelper> RSS Update - forum: Auto disconnect 06:13 < Ehaa86> !route 06:13 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 06:18 <@vpnHelper> RSS Update - forum: Weird routing problem 06:21 < Ehaa86> I have a bit of a problem. I've created a new OpenVPN-server. 
Same config as all my old ones (which work like a charm.) I use "push "redirect-gateway def1"" to make all traffic go through the openvpn-server. But the clients gets the default gateway "10.0.1.5" (which doesnt respond/work.) If i manually force the gateway to 10.0.1.1 everything works like a charm. Does anyone have any idea on how to fix this? (Server: Ubuntu 10.04 LTS, Client: Windows XP wit 06:22 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 06:35 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has quit [Read error: Connection reset by peer] 06:36 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has joined #openvpn 06:41 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 06:48 <@vpnHelper> RSS Update - forum: user-auth-verify Win7 write error 06:49 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Remote host closed the connection] 07:00 -!- Ciph_ [~Ciph@109-104-19-74.customers.ownit.se] has joined #openvpn 07:00 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has quit [Read error: Connection reset by peer] 07:02 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has joined #openvpn 07:05 -!- Ciph_ [~Ciph@109-104-19-74.customers.ownit.se] has quit [Ping timeout: 276 seconds] 07:05 <@vpnHelper> RSS Update - forum: Weird routing problem 07:06 -!- mape2k [~mape2k@2001:6f8:997:1000:221:86ff:fe98:93a2] has quit [Quit: Leaving] 07:11 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 07:18 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008 07:49 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn 07:58 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds] 08:02 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has joined #openvpn 08:03 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has quit [Read error: Connection reset by peer] 08:05 -!- MarKsaitis 
[~MarKsaiti@195.59.185.18] has quit [Ping timeout: 252 seconds] 08:10 -!- Ciph [~Ciph@109-104-19-74.customers.ownit.se] has quit [Quit: KVIrc 4.0.4 Insomnia http://www.kvirc.net/] 08:26 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 08:36 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 08:38 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 08:39 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 08:39 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 08:43 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:44 -!- tjz [~pc@unaffiliated/tjz] has quit [Quit: bbl.] 08:45 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn 08:45 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host] 08:45 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 08:50 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 08:51 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 08:54 <@vpnHelper> RSS Update - forum: No more internet connexion 09:00 <@vpnHelper> RSS Update - forum: Http Proxy .. How to? 09:04 -!- bolovanos [~bb@38.213.broadband7.iol.cz] has quit [Quit: Miranda IM! Smaller, Faster, Easier. http://miranda-im.org] 09:11 -!- mgorbach [~mgorbach@96.241.54.213] has joined #openvpn 09:12 < mgorbach> Anyone out there a VPN performance expert? I'm seeing weirdness where downloads from the VPN server machine are fast, but downloads from other machines on its subnet are slow. 09:22 -!- KaiForce [~chatzilla@adsl-70-228-75-61.dsl.akrnoh.ameritech.net] has joined #openvpn 09:24 <@vpnHelper> RSS Update - forum: Openvpn config to allow IGMP traffic? 
09:29 -!- Intensity [6zNDP14Gi1@unaffiliated/intensity] has joined #openvpn
09:29 <@vpnHelper> RSS Update - forum: OpenVPN Routed Performance Issue
09:35 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn
09:35 <@vpnHelper> RSS Update - forum: Help setting upTunnel
09:58 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving]
10:00 -!- zux [~zux@195.13.186.54] has quit [Ping timeout: 240 seconds]
10:02 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Ping timeout: 240 seconds]
10:13 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
10:24 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
10:30 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn
10:30 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host]
10:30 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
10:30 -!- mode/#openvpn [+v Axeman] by ChanServ
10:31 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn
10:32 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 260 seconds]
10:39 -!- APTX_ [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
10:39 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
10:42 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
10:42 <@vpnHelper> RSS Update - forum: IGMP
10:50 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
10:53 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
10:53 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
10:54 -!- Ehaa86 [~eivind@gore.copyleft.no] has quit [Quit: Lost terminal]
10:55 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer]
11:03 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn
11:03 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
11:07 -!- vpopov [~happylife@dyn-58-35.fttbee.kis.ru] has quit [Ping timeout: 240 seconds]
11:16 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
11:26 -!- dazo is now known as dazo_afk
11:27 <+EugeneKay> !iptables
11:27 <@vpnHelper> "iptables" is (#1) to test if iptables is your problem, disable all rules or put the defaults to accept: iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -F; iptables -Z or (#2) please see http://openvpn.net/man#lbBD for more info or (#3) you can see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for pf or iptables
11:31 <@vpnHelper> RSS Update - forum: WHS as internet gateway with Open VPN anonymisation service
11:34 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 240 seconds]
11:34 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!]
11:36 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
11:39 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 244 seconds]
12:27 -!- KaiForce [~chatzilla@adsl-70-228-75-61.dsl.akrnoh.ameritech.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
12:51 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Ping timeout: 252 seconds]
12:57 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds]
13:16 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has joined #openvpn
13:21 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has quit [Client Quit]
13:24 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has joined #openvpn
13:33 -!- Xymski is now known as Zimsky
13:39 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has quit [Quit: AAAGH! IT BURNS!]
13:44 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
13:49 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
13:53 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
13:53 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Client Quit]
13:55 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
13:56 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Client Quit]
13:59 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
14:01 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
14:08 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
14:16 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
14:35 < netskay> has anyone tinkered with tinc VPN here?
14:37 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
14:37 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
14:41 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
14:41 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
14:43 < ErichG> greetings all - I'm so close to having an openvpn bridging server working under osx lion, but have a head scratcher. In short, the exact same configuration works running on a linux OpenVPN server, but when executed on the Mac, while the remote router connects to the server, and server and router can ssh to each other over the tunnel, no other clients can see the vpn server. I gather it must have something to do with the tap or bridg
14:43 < ErichG> interface in OSX - any ideas?
14:44 < krzee> hang around, i think ecrist has found some weird stuff with bridging in osx
14:44 < ErichG> ahso!
14:44 < ErichG> thanks
14:44 < krzee> in the meantime, want me to try to talk you out of using bridge mode?
14:44 < ErichG> lol
14:44 < ErichG> no
14:45 < ErichG> I'll stick around, and in the meantime just run the server on a linux box.
14:47 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
14:47 < krzee> ok well ill let my bot get in some of my finer points ;]
14:47 < krzee> !tunortap
14:47 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over
14:47 <@vpnHelper> the vpn or (#4) lan gaming? use tap!
14:49 < ErichG> those are tasty
14:50 < ErichG> it's for my greedy little macintosh site to site bonjour.... I admit it. Shoot me!
14:50 < ErichG> I use routed for most things
14:56 -!- Deathvalley122 [~Death@localtel.eagleits.net] has quit [Remote host closed the connection]
14:56 < krzee> ;]
14:56 -!- Deathvalley122 [~Death@localtel.eagleits.net] has joined #openvpn
14:57 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
15:18 < haggler> !wins
15:18 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba
15:43 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
15:53 <@vpnHelper> RSS Update - forum: breaking up Class C into four subnets
15:56 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 244 seconds]
16:08 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat]
16:12 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
16:12 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
16:13 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
16:14 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
16:18 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn
16:23 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds]
16:24 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
16:30 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds]
16:35 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
16:46 -!- p3rror [~mezgani@41.249.9.45] has joined #openvpn
16:51 -!- p3rror is now known as UnicornS
16:55 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Remote host closed the connection]
16:55 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn
16:59 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds]
17:02 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Quit: Leaving]
17:08 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
17:17 <@vpnHelper> RSS Update - forum: Auth script returns "1" but, connects anyway
17:18 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 240 seconds]
17:19 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
17:24 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn
17:28 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Ping timeout: 240 seconds]
17:29 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
17:34 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
17:34 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
17:34 -!- [1]netskay is now known as netskay
17:34 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has joined #openvpn
17:34 <@vpnHelper> RSS Update - forum: Setup Ethernet Bridging on two remote site (One as server an
17:37 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
17:37 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
17:37 -!- [1]netskay is now known as netskay
17:38 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
17:40 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
17:40 -!- Azrael808 [~peter@cpc17-walt12-2-0-cust657.13-2.cable.virginmedia.com] has quit [Ping timeout: 240 seconds]
17:45 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
17:45 -!- mode/#openvpn [+o raidz] by ChanServ
17:50 -!- dangergrrl [~ariana@8.22.83.149] has joined #openvpn
17:51 < dangergrrl> !welcome
17:51 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
17:51 < dangergrrl> !goal
17:51 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
17:53 < dangergrrl> !configs
17:53 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
17:53 < dangergrrl> !logs
17:53 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard.
18:11 -!- ppr is now known as peper
18:21 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
18:27 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has joined #openvpn
18:34 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
18:35 < krzee> !ircstats
18:35 <@vpnHelper> "ircstats" is (#1) See http://secure-computing.net/logs/openvpn.html for all-time IRC stats. or (#2) See http://secure-computing.net/logs/openvpn-devel.html for all-time dev channel IRC stats.
18:41 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds]
18:41 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
18:43 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has joined #openvpn
18:43 -!- SOG [~SOG@wsip-70-164-135-177.lv.lv.cox.net] has quit [Client Quit]
18:57 -!- brah [c82b2429@gateway/web/freenode/ip.200.43.36.41] has joined #openvpn
18:58 < brah> Question: In a tun server, all the traffic between clients goes through the server, right?
19:02 < krzee> in openvpn, regardless of tun or tap, yes
19:03 -!- _julian_ [~quassel@hmbg-4d06e74b.pool.mediaWays.net] has quit [Read error: Operation timed out]
19:03 -!- skynet-2000 is now known as thecooler
19:04 -!- thecooler is now known as skynet-2000
19:04 -!- _julian [~quassel@hmbg-4d06e0b6.pool.mediaWays.net] has joined #openvpn
19:13 -!- Denial [Denial@drgi.co.uk] has quit []
19:16 <@vpnHelper> RSS Update - forum: user-auth-verify Win7 write error
19:17 -!- tekzilla [~jon@hmbg-5f7604b5.pool.mediaWays.net] has quit [Ping timeout: 244 seconds]
19:19 -!- tekzilla [~jon@hmbg-5f77c405.pool.mediaWays.net] has joined #openvpn
19:34 <@vpnHelper> RSS Update - forum: ZyXEL USG static route not working for Internet access
19:40 <@vpnHelper> RSS Update - forum: IGMP
19:46 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Quit: vocis]
19:51 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
20:00 -!- _julian_ [~quassel@hmbg-4d06ae95.pool.mediaWays.net] has joined #openvpn
20:00 -!- _julian [~quassel@hmbg-4d06e0b6.pool.mediaWays.net] has quit [Read error: Operation timed out]
20:19 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection]
20:21 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds]
20:24 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn
20:24 -!- dangergrrl [~ariana@8.22.83.149] has quit [Ping timeout: 240 seconds]
20:30 -!- dangergrrl [~ariana@8.22.83.149] has joined #openvpn
20:57 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
20:57 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
21:07 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
21:07 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
21:10 <@vpnHelper> RSS Update - forum: can't connect to connection
21:14 -!- UnicornS [~mezgani@41.249.9.45] has quit [Ping timeout: 240 seconds]
21:20 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
21:23 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
21:28 <@vpnHelper> RSS Update - forum: user-auth-verify Win7 write error
21:30 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Read error: Connection reset by peer]
21:30 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
21:44 -!- brah [c82b2429@gateway/web/freenode/ip.200.43.36.41] has quit [Ping timeout: 258 seconds]
22:01 -!- dangergrrl [~ariana@8.22.83.149] has quit [Ping timeout: 240 seconds]
22:04 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection
22:10 <@vpnHelper> RSS Update - forum: TCP Out of Order Problem
22:28 -!- dangergrrl [~ariana@8.22.83.149] has joined #openvpn
22:40 <@vpnHelper> RSS Update - forum: Ubuntu 10.10 Certificate error
22:54 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
22:58 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 244 seconds]
23:02 -!- dangergrrl [~ariana@8.22.83.149] has quit [Ping timeout: 252 seconds]
23:10 <@vpnHelper> RSS Update - forum: route traffic of one network adapters, two connected
23:31 -!- dangergrrl [~ariana@8.22.83.149] has joined #openvpn
23:37 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
23:40 -!- [1]netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- The professional IRC Client :D]
23:50 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:54 -!- mgorbach [~mgorbach@96.241.54.213] has quit [Quit: Leaving...]
23:54 -!- zz_mgorbach is now known as mgorbach
--- Day changed Tue Jan 10 2012
00:28 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
00:30 -!- ovid [~ovid@unaffiliated/ovid] has quit [Quit: ...you break it, you pwn it.]
00:50 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
00:56 <@vpnHelper> RSS Update - forum: Site to Site problems.
01:14 <@vpnHelper> RSS Update - forum: Help setting upTunnel
01:20 <@vpnHelper> RSS Update - forum: Openvpn config to allow IGMP traffic? || Want to establish VPN in a Organization Pease Help
01:20 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
01:20 -!- mode/#openvpn [+o mattock] by ChanServ
01:36 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
01:49 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
01:49 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
01:56 <@vpnHelper> RSS Update - forum: Free providers?
01:58 -!- stephanj [stephan@nemesis.stejau.de] has joined #openvpn
01:58 < stephanj> is there a way to have openvpn in bridged modus getting the ip via dhcp of the target network?
02:05 < reiffert> y
02:08 <@vpnHelper> RSS Update - forum: Span / Monitor port when using "client-to-client" mode?
02:14 <@vpnHelper> RSS Update - forum: Connects but can't reach remote network
02:17 < reiffert> !factoids search --values dhcp
02:17 <@vpnHelper> 'bridge-dhcp', 'dhcp', 'pushdns', and 'win_ipfail'
02:17 < reiffert> !dhcp
02:17 <@vpnHelper> "dhcp" is redirect-gateway bypass-dhcp gets around the problem of DHCP packets to the local DHCP server being incorrectly routed into the tunnel. Available in 2.1
02:17 < reiffert> !bridge-dhcp
02:17 <@vpnHelper> "bridge-dhcp" is http://openvpn.net/faq.html#bridge-addressing for making clients grab dhcp ip over the bridge but not over-riding dhcp ip from local dhcp server
02:23 < stephanj> the faq link is not available anymore, or rather doesnt point to any special article
02:26 < reiffert> http://openvpn.net/index.php/open-source/faq/77-server/323-i-want-to-set-up-an-ethernet-bridge-on-the-1921681024-subnet-existing-dhcp.html
02:26 <@vpnHelper> Title: I want to set up an ethernet bridge on the 192.168.1.0/24 subnet. existing DHCP. (at openvpn.net)
02:28 -!- meepmeep [meepmeep@212.24.104.229] has quit [Ping timeout: 244 seconds]
02:36 < stephanj> ah thanks!
03:08 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 255 seconds]
03:15 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!]
03:15 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
03:17 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
03:27 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn
03:28 -!- nur [~nur@86.98.17.198] has joined #openvpn
03:28 < nur> Hi
03:28 < nur> any body home
03:28 < nur> ?
03:29 < nur> server.conf
03:30 < nur> local 192.168.0.113
03:30 < nur> port 1194
03:30 < nur> proto udp
03:30 < nur> dev tun
03:30 < nur> ca ca.crt
03:30 < nur> cert server.crt
03:30 < nur> key server.key # This file should be kept secret
03:30 -!- nur was kicked from #openvpn by vpnHelper [Flooding detected. Please use http://pastebin.com for posting logs or configs.]
03:31 -!- nur [~nur@86.98.17.198] has joined #openvpn
03:31 < nur> hi
03:35 < stephanj> pastebin and no meta questions
03:35 < nur> ?
03:35 < stephanj> http://pastebin.com
03:35 < nur> ahh ok
03:35 < nur> can you help me
03:35 < nur> ?
03:35 < stephanj> and "anybody home" - just ask
03:35 < stephanj> idk
03:36 < stephanj> i havent seen a question
03:36 < nur> i can tell you
03:36 < nur> im new to irc
03:36 < nur> never used in in my life
03:36 < nur> i dont know how it works
03:36 < nur> stuck with OpenVPN configuration
03:36 < stephanj> jap paste the config file again to the pastebin
03:36 < stephanj> then ask your question
03:36 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
03:36 < nur> ok
03:39 < nur> http://pastebin.com/290TgnSt
03:41 < stephanj> what is the problem?
03:44 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
03:46 -!- CaBa [caba@unique-inter.net] has left #openvpn []
03:49 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
03:54 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has joined #openvpn
04:21 -!- master_of_master [~master_of@p57B55C85.dip.t-dialin.net] has quit [Ping timeout: 240 seconds]
04:23 -!- master_of_master [~master_of@p57B554F2.dip.t-dialin.net] has joined #openvpn
04:36 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
05:02 <@vpnHelper> RSS Update - forum: Openvpn config to allow IGMP traffic?
05:05 -!- beerbro [~gustav@mineralwasser.jesus.si] has quit [Read error: Connection reset by peer]
05:10 -!- gustav- [~gustav@mineralwasser.jesus.si] has joined #openvpn
05:21 -!- gustav- is now known as beerbro
05:24 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
05:32 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection || Ubuntu 10.10 Certificate error
05:45 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7
05:45 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has joined #openvpn
05:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
06:03 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
06:17 -!- dazo_afk is now known as dazo
06:25 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds]
06:25 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
06:26 -!- takamichi [~pri@217.23.4.104] has joined #openvpn
06:34 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
06:38 -!- Cyntrox [~Cyntrox@146.247.152.209] has joined #openvpn
06:42 -!- jhp [~jhp@zeus.jhprins.org] has joined #openvpn
06:43 < jhp> Hi everyone. I need to migrate my openvpn server to a new CA with new certs for everybody. I have created my new CA. What are my next steps. Can I run the same OpenVPN server with a cert from both CA's and a CA file containing information for both CA's?
06:44 < jhp> So basicly extending the 3 files with an extra CA, an extra key and an extra cert?
07:00 -!- Cyntrox [~Cyntrox@146.247.152.209] has quit [Ping timeout: 252 seconds]
07:01 <@ecrist> what did I do?
07:03 -!- Cyntrox [~Cyntrox@146.247.152.209] has joined #openvpn
07:07 -!- Cyntrox [~Cyntrox@146.247.152.209] has quit [Ping timeout: 252 seconds]
07:12 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has joined #openvpn
07:13 < Cyntrox_> !welcome
07:13 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:14 < Cyntrox_> !route
07:14 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
07:17 < Cyntrox_> When I start openVPN, the tun interface is set as the default gateway - is there a way to prevent that?
07:21 <@dazo> jhp: I'd send this request to the openvpn-users mailing list ... please elaborate a bit more there. I'm sure there are more people there who can give more qualified answers .... I believe it is possible to do it like you describe, but there might be some pitfalls I'm not aware of - as I've never tried myself
07:21 <@dazo> Cyntrox_: remove --redirect-gateway from your configs
07:21 -!- ferdelan [~none@gw-2.211.ru] has joined #openvpn
07:22 < Cyntrox_> That option is not in my config. Here's a paste: http://pastebin.com/EGPdhCvV
07:23 <@dazo> Cyntrox_: then you need to add --route-nopull and add additional --route entries for those routes your do want through your VPN
07:24 < Cyntrox_> dazo: Thanks, I'll try that (and probably be disconnected from this channel in the process)
07:25 < ferdelan> Hi guys! Can someone say how to configure openvpn server for using one client with auth-pass without cipher and another client to use TLS-auth and cipher?
07:39 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Operation timed out]
07:39 <+havoc> too bad one config can't establish multiple tunnels :(
07:39 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has quit [Read error: Connection reset by peer]
07:40 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
07:45 -!- Cyntrox [~Cyntrox@146.247.152.209] has joined #openvpn
07:47 -!- codingrobot [~codingrob@heim-032-63.raab-heim.uni-linz.ac.at] has joined #openvpn
07:47 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 260 seconds]
07:49 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn
07:49 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
07:50 -!- ravel_exe [ravel_exe@175.142.247.6] has joined #openvpn
07:59 -!- krzie [nobody@hemp.ircpimps.org] has joined #openvpn
07:59 -!- krzie [nobody@hemp.ircpimps.org] has quit [Changing host]
07:59 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn
08:01 -!- meepmeep [meepmeep@there-is-no.endoftheinternet.org] has joined #openvpn
08:02 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has joined #openvpn
08:08 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
08:13 -!- ravel_cmd [ravel_exe@175.142.247.6] has joined #openvpn
08:15 -!- ravel_exe [ravel_exe@175.142.247.6] has quit [Ping timeout: 255 seconds]
08:21 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
08:21 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
08:23 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 244 seconds]
08:23 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
08:25 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
08:30 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
08:30 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
08:36 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
08:37 -!- anathaema [~ariana@8.22.83.149] has joined #openvpn
08:39 -!- bragon_ [~Alexandre@81.93.247.165] has joined #openvpn
08:39 -!- fremo_ [~fremo@noc.toile-libre.net] has joined #openvpn
08:40 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 240 seconds]
08:40 -!- bragon [~Alexandre@81.93.247.165] has quit [Ping timeout: 240 seconds]
08:40 -!- dangergrrl [~ariana@8.22.83.149] has quit [Ping timeout: 240 seconds]
08:40 -!- Cyntrox [~Cyntrox@146.247.152.209] has quit [Read error: Connection reset by peer]
08:41 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Remote host closed the connection]
08:41 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has joined #openvpn
08:41 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
08:41 -!- fremo [~fremo@noc.toile-libre.net] has quit [Ping timeout: 240 seconds]
08:41 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn
08:41 -!- zz_mgorbach is now known as mgorbach
08:43 -!- ravel_cmd [ravel_exe@175.142.247.6] has quit [Remote host closed the connection]
08:43 -!- ravel_exe [ravel_exe@175.142.247.6] has joined #openvpn
08:46 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Read error: Connection reset by peer]
08:46 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
08:51 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Read error: Connection reset by peer]
08:51 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
08:56 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Read error: Connection reset by peer]
08:57 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
08:57 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has quit [Quit: leaving]
08:57 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn
08:57 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host]
08:57 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
09:01 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
09:01 -!- Secret [~Secret@78.157.114.78] has quit [Read error: Operation timed out]
09:01 < X0Rc0re> need help with setting up OpenVPN
09:01 < X0Rc0re> can someone please help me
09:01 -!- kloeri [~kloeri@freenode/staff/exherbo.kloeri] has joined #openvpn
09:04 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
09:05 <@dazo> X0Rc0re: step carefully ... we're not going to help without seeing your configuration attempts first
09:10 < X0Rc0re> i sent them last time
09:11 -!- Cyntrox_1 [~Cyntrox@146.247.159.205] has joined #openvpn
09:12 -!- Cyntrox_1 [~Cyntrox@146.247.159.205] has quit [Read error: Connection reset by peer]
09:12 -!- ravel_cmd [ravel_exe@175.142.247.6] has joined #openvpn
09:12 -!- lusis [u2537@gateway/web/irccloud.com/x-ashkfjvhklwyetwa] has left #openvpn []
09:13 < rob0> hmmm, do we have a heightened sense of entitlement here? :)
09:13 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
09:14 < rob0> I scrolled up anyway, and in several pages of the channel, there was no evidence of any pastebin from a "X0Rc0re".
09:14 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has quit [Ping timeout: 252 seconds]
09:15 <+havoc> I think the point is: "paste it again", no matter what
09:15 <+havoc> you can't expect those who help scores of people daily to remember a paste for you
09:15 -!- ravel_exe [ravel_exe@175.142.247.6] has quit [Ping timeout: 248 seconds]
09:16 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has joined #openvpn
09:21 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 276 seconds]
09:22 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
09:23 -!- ravel_cmd [ravel_exe@175.142.247.6] has quit [Remote host closed the connection]
09:24 <@dazo> havoc++
09:26 < X0Rc0re> effort = too much effort.
09:26 < X0Rc0re> teamviewer can help :)
09:26 < X0Rc0re> its all on there
09:26 < X0Rc0re> all my configs
09:26 <@dazo> X0Rc0re: last chance ... WE DO NOT DO TEAMVIEWER SUPPORT HERE
09:26 * rob0 loses interest in helping
09:26 < X0Rc0re> which channel does?
09:27 <@dazo> X0Rc0re: YOU must put some effort into solving this ... and we will guide you ... we will NOT do the job for you
09:27 < rob0> http://sweet.nodns4.us/
09:27 <@vpnHelper> Title: S.W.E.E.T.: Stop Wasting Everyone Else's Time (at sweet.nodns4.us)
09:27 < X0Rc0re> you must understand i am still a young fellow, at the tender age of 12.
09:27 <@dazo> then you have the capacity to learn ... and you learn by doing
09:29 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 240 seconds]
09:29 -!- Secret [~Secret@78.157.114.78] has joined #openvpn
09:30 -!- ravel_exe [~ravel_exe@175.142.247.6] has joined #openvpn
09:35 -!- ravel_exe [~ravel_exe@175.142.247.6] has quit [Read error: Connection reset by peer]
09:36 -!- ravel_exe [ravel_exe@175.142.247.6] has joined #openvpn
09:38 < jeev> uh
09:38 < jeev> once every 6 months, something happens to a vpn for a customer.
09:38 < jeev> i can't get past the router (first hop)
09:39 < jeev> win xp client machines - linux router (192.168.1.254) - internet - myvpn
09:40 < jeev> when i try to traceroute one of the two ips that's routed specifically to go through the vpn via pushing the route, the computers when traceing it, will show the first hop, 192.168.1.254, everything else will time out. nothing has been touched.
09:45 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds] 09:47 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 09:49 -!- Cyntrox_ [~Cyntrox@146.247.152.209] has quit [Ping timeout: 276 seconds] 09:51 -!- Cyntrox [~Cyntrox@146.247.152.209] has joined #openvpn 09:51 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds] 09:53 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 09:53 < krzie> jeev, are you also thumbs? 09:55 < jeev> no way! 09:55 < jeev> ick! 09:56 < jeev> i started this gangster shit, this is the THANKS I GET? 09:56 <@ecrist> you started what? 09:56 < jeev> who knows 09:56 < jeev> any idea what i'm experiencing ? 09:56 <@ecrist> no 09:56 < krzie> lack of troubleshooting experience 09:56 -!- ravel_exe [ravel_exe@175.142.247.6] has quit [] 09:56 < krzie> seems to be the big factor 09:56 * jeev waves his fist at ecrist and krzie 09:57 < jeev> i'll follow the packets i guess 09:57 < jeev> i just wanted to a quick answer 09:57 < krzie> heh 09:57 < jeev> now! 10:00 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds] 10:00 -!- thumbs [1000@unaffiliated/thumbs] has joined #openvpn 10:00 < thumbs> krzie: no. 10:00 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 10:00 < krzie> lol 10:01 < thumbs> krzie: I have spies everywhere. 10:01 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 10:02 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 10:03 -!- Cyntrox [~Cyntrox@146.247.152.209] has quit [Ping timeout: 268 seconds] 10:04 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 10:05 < krzie> ;] 10:05 * jeev knows the spy 10:05 < jeev> thumbs, can't believe he mistook me for YOU, as i said, "ick" 10:06 < krzie> you did change handles to his once before :-p 10:06 < thumbs> he tried, when I was offline. 
10:06 < jeev> yea like 3 months ago 10:06 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection 10:06 < krzie> and both your idents are numeric 10:06 < thumbs> thankfully, I have enforce on. 10:06 < jeev> pfft, he's user 1000 10:06 < jeev> i'm user 1004, i'm too cool, i have 3 users before. 10:07 < jeev> lol 4 10:07 < krzie> actually, 4 before 10:07 < jeev> i dont know how to co uhnt 10:07 < krzie> ya 10:07 < krzie> and thats not counting root 10:07 < krzie> which i bet came before too 10:07 < jeev> THAT'S NOT COUNTING LP 10:08 < krzie> but i was pretty sure it was different people 10:08 < krzie> cause in #mysql i seen that thumbs knows stuff 10:09 < krzie> and well 10:09 < krzie> heh 10:09 < jeev> yea, he doesn't know nearly enough 10:09 < jeev> the other day he was asking me the difference between phillips and a flat head 10:09 -!- rkantos [~robin2@109.169.55.199] has quit [Read error: Connection reset by peer] 10:09 < thumbs> jeev: shut up already. 10:09 < krzie> 1 makes TV's, other is for setting your beer on while getting head? 10:10 < jeev> krzie, who knows. 10:10 < jeev> he's pmsing, so i'm going to stop, he's a real bad pmser 10:11 < jeev> krzie 10:11 < jeev> i tried it on my nexus, it wouldn't set default gateway 10:11 < jeev> too lazy to figure out why 10:11 < krzie> .topic 10:11 < jeev> i have won the laziness achievment. 10:12 < krzie> oh n m 10:12 < krzie> it used to say we wouldnt put in more effort than you 10:12 < krzie> i guess now we will! :-p 10:12 -!- grendal-prime [~sgraham@2001:470:822a:200:1e75:8ff:fe48:dfef] has joined #openvpn 10:12 < jeev> those days are gone! 10:12 < jeev> na i'll figure that out later, not important 10:13 < krzie> its easy dude, just get a log 10:13 < grendal-prime> ok i guess i just cant think of how to word this. I connected from a terminal.. like openvpn --config myconfig.conf 10:13 < grendal-prime> an that works..but the terminal got shut down and the tun is still up. 
10:13 < grendal-prime> i want to disconnect via the term...and i see no way of doing that 10:13 < krzie> kill 10:14 < grendal-prime> openvp --kill tun0 ? 10:14 < krzie> no 10:14 < krzie> kill 10:14 < krzie> yanno, normal unix admin stuff ;] 10:14 < grendal-prime> really? wow i thought there would be some... 10:15 < grendal-prime> i dont know... tun remove command 10:15 < grendal-prime> interesting.. 10:15 < krzie> well 10:15 < krzie> openvpn is still running 10:15 < jeev> i wonder if that's krzie 10:15 < krzie> ;] 10:15 < krzie> kill openvpn, run will go away 10:15 < krzie> unless it was persistent (made with --mktun) in which case --rmtun would do it 10:18 < grendal-prime> ok well i just used htop found it and killed it. Thats how i did it in the past i just thought there was a more...well preferred way of doing it. 10:18 < krzie> s/run/tun/ 10:18 < krzie> well if you use the management interface you could likely kill it from there 10:19 < krzie> but really, if you just use kill it should suicide cleanly 10:19 < krzie> kill -9 would be more unclean, but really shouldnt matter either 10:19 < krzie> unless you have disconnect scripts that matter 10:19 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 252 seconds] 10:19 < krzie> besides, nobody breaks out the -9 hammer needlessly anymore, right? 10:23 <@dazo> krzie: kill -9 might not necessarily remove any created devices ... that usually tells the kernel to kill the process without mercy ... kill [-15 (TERM)] will allow the process to shut down properly on its own 10:25 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 10:27 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 10:29 < krzie> ahh wed 10:29 < krzie> werd* 10:32 <@dazo> it's not so weird actually. SIGKILL is a signal which can not be caught by the application at all. The kernel will just go into its internal scheduler and remove that job as a running process and free the memory used by it ... 
with SIGTERM it will send the signal to the application which can then "catch" this signal and run a "cleanup" routine. The application will then stop doing whatever it did, and the registered signal handler process 10:32 <@dazo> will be run instead ... and it can even decide to ignore SIGTERM if it wants to (even though that's considered bad coding) 10:35 < krzie> werd != weird 10:35 <@dazo> ahh 10:35 < krzie> werd is like "cool" 10:35 * dazo read "weird" and saw now it is "werd" :) 10:35 < krzie> ya that happens a bit actually 10:36 <@dazo> :) 10:36 < krzie> hows things going man? 10:37 <@dazo> pretty good ... having a pretty full plate these days ... and too many cool tasks to look at :) 10:37 <@dazo> but trying to stay on top of openvpn patches though :) 10:37 < krzie> ;] 10:37 <+EugeneKay> krzie - kinda. I managed to corrupt the databases while testing failover, gave up there. 10:37 < krzie> http://i.imgur.com/p3eX2.png 10:37 < krzie> LOL 10:38 < krzie> nsfw (text only) 10:38 <@dazo> Even managed to get some time for eurephia hacking too ... a PostgreSQL database driver is taking pretty good shape now :) (supplemental to SQLite) 10:38 < krzie> oh very cool 10:39 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 10:40 <@dazo> Next part is to revamp the code to be able to use LDAP for authentication (coupled with SQLite or PostgreSQL db for config/user tracking) 10:40 <@dazo> (and then maybe Kerberos as a supplement to LDAP) 10:42 <@dazo> and by the way ... if you want a great enterprisey SQL database ... look at PostgreSQL .... forget about MySQL - that's a piece of crap when you want to do more advanced stuff 10:42 <@dazo> EugeneKay: how do you find such stuff ....... 10:43 <@dazo> on second though ... I don't want to know! :-P 10:43 <+EugeneKay> dazo - which stuff? 10:43 <@dazo> geee ... I misread! I meant krzie! 10:44 <+EugeneKay> The stuff I find is far worse >_> 10:44 <@dazo> Then I definitely don't want to know! 
;-) 10:52 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 10:58 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN || Newbee Help Please 11:01 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 240 seconds] 11:08 -!- caemir [~caemir@78.129.43.30] has joined #openvpn 11:08 -!- caemir [~caemir@78.129.43.30] has quit [Changing host] 11:08 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 11:13 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 11:13 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 11:13 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 11:13 -!- mode/#openvpn [+v Axeman] by ChanServ 11:28 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 248 seconds] 11:30 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 11:33 -!- grendal-prime [~sgraham@2001:470:822a:200:1e75:8ff:fe48:dfef] has quit [Ping timeout: 260 seconds] 11:34 -!- grendal-prime [~sgraham@2001:470:822a:200:1e75:8ff:fe48:dfef] has joined #openvpn 11:38 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 268 seconds] 11:38 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 11:40 <@ecrist> jeev: wtf are you carrying on about? 
11:47 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 252 seconds] 11:52 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 11:53 -!- X0Rc0re [~chatzilla@203-206-101-97.dyn.iinet.net.au] has quit [Remote host closed the connection] 11:53 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 11:57 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 276 seconds] 11:58 < jeev> BLAH 11:59 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 12:00 -!- ferdelan [~none@gw-2.211.ru] has quit [] 12:01 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 12:08 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 268 seconds] 12:11 -!- Secret [~Secret@78.157.114.78] has joined #openvpn 12:14 -!- futurestack [~o_o@unaffiliated/futurestack] has joined #openvpn 12:25 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 12:32 < krzie> !hmac 12:32 <@vpnHelper> "hmac" is (#1) The tls-auth directive adds an additional HMAC signature to all SSL/TLS handshake packets for integrity verification. Any UDP packet not bearing the correct HMAC signature can be dropped without further processing. The tls-auth HMAC signature provides an additional level of security above and beyond that provided by SSL/TLS. or (#2) openvpn --genkey --secret ta.key to make the tls static key 12:32 <@vpnHelper> , in configs: tls-auth ta.key # , 1 for client or 0 for server in the configs 12:35 -!- Secret [~Secret@78.157.114.78] has quit [Ping timeout: 244 seconds] 12:36 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 
12:37 < krzie> !certverify 12:37 <@vpnHelper> "certverify" is verify your certs are signed correctly by running `openssl verify -CAfile ` for client.crt and server.crt 12:38 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 12:41 -!- Secret [~Secret@78.157.114.46] has joined #openvpn 12:54 -!- dazo is now known as dazo_afk 13:06 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 13:08 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 13:09 -!- WaGE [~wormwood@c-174-48-233-198.hsd1.md.comcast.net] has joined #openvpn 13:09 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 13:10 -!- gremly [~gremly@200.106.218.64] has quit [Client Quit] 13:10 -!- Secret [~Secret@78.157.114.46] has quit [Ping timeout: 252 seconds] 13:10 < WaGE> Greetings all, is there anyway I can get the hostname or arbitrary data from a remote client without sshing into box? 13:11 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Read error: Connection reset by peer] 13:11 < hyper_ch> WaGE: what do you try to achieve? 13:11 < WaGE> I just want to be able to identify the clients 13:12 < WaGE> and I can't use common name etc from cert 13:12 < hyper_ch> use CCD 13:12 < hyper_ch> and assign each one a static ip 13:13 < WaGE> hrm, that wouldn't work in my current setup >_< 13:14 <@vpnHelper> RSS Update - forum: OpenVPN in WinCE 13:14 < WaGE> hyper_ch: so there is no way to pull information from client? 
13:14 < WaGE> hyper_ch: like hostname for example 13:14 < krzie> no 13:14 < WaGE> hyper_ch: having only the dhcp assigned IP address 13:14 < WaGE> darn 13:15 < krzie> you could use hostname as the common-name 13:15 < WaGE> yeah, was hoping there was something else 13:15 < WaGE> like a command line option that would push certain info to server 13:15 < hyper_ch> you could use magic 13:15 < krzie> but nothing should ever be pushed to the server 13:15 < krzie> and because of that, cant 13:15 < WaGE> yeah 13:16 < krzie> the info that is given to the server that does what you want is the common-name 13:16 < WaGE> hmm, so it would have to be some other kind of mechanism outside of OpenVPN 13:16 -!- Secret [~Secret@78.157.114.46] has joined #openvpn 13:16 < WaGE> krzie: right, the thing is the certs are shared between all the clients 13:16 < krzie> so you use pw auth? 13:16 < WaGE> so at the moment, common name won't do it 13:18 < krzie> you are using usernames/passwords right? 13:18 < WaGE> nope 13:18 < WaGE> just the certs 13:18 < krzie> then your setup is done wrong, and thats why you have no accountability 13:18 < krzie> theres no work-around to attempt to make it right, cause its wrong ;] 13:18 < krzie> like fundamentally 13:19 < hyper_ch> but isn't "no accountability" a good thing? 13:19 < krzie> not if you run the server :-p 13:19 <+EugeneKay> Only at Enron. 13:19 < krzie> or if it is, then he doesnt need info from the client ;] 13:19 < krzie> but he cant break all accountability, then ask why he cant have some accountability 13:19 < WaGE> also to add a little bit of more fuel to the fire 13:20 < WaGE> even if I did have user / pass 13:20 < WaGE> they would share :X 13:20 < krzie> why 13:20 <+EugeneKay> I lolt 13:23 < WaGE> sorry back 13:23 < WaGE> because 13:23 < WaGE> they're devices 13:24 < hyper_ch> everything is a device :) 13:28 * rob0 is a device 13:28 < WaGE> ... 
13:29 < WaGE> devices with very limited configurability ~_~ 13:29 < WaGE> basically just clones 13:29 -!- r0ckY [~r0ckY@host74-2.natpool.mwn.de] has joined #openvpn 13:30 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 13:30 < r0ckY> hi, i need to have specific mac addresses for my clients. I can assign these in windows quitlinux?e easily, but what would be the best way to deal with this in 13:31 < r0ckY> hi, i need to have specific mac addresses for my clients. I can assign these in windows quite easily, but what would be the best way to deal with this in linux? 13:37 -!- r0ckY [~r0ckY@host74-2.natpool.mwn.de] has quit [Quit: IRC webchat at http://irc2go.com/] 13:37 -!- anathaema [~ariana@8.22.83.149] has quit [Ping timeout: 240 seconds] 13:41 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 13:41 <@vpnHelper> RSS Update - forum: openvpn stops working after a server reboot 13:42 -!- mattock [~samuli@openvpn/corp/admin/mattock] has left #openvpn [] 13:48 <@vpnHelper> RSS Update - forum: Error svc_run_except 13:54 <@vpnHelper> RSS Update - forum: Problem starting Access Server. 
|| SVC_RUN_EXCEPT-cannot start server 13:57 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 14:00 <@vpnHelper> RSS Update - forum: Auth script returns "1" but, connects anyway 14:37 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has joined #openvpn 14:37 -!- skynet-2000 [~skynet-20@99-62-100-172.lightspeed.tukrga.sbcglobal.net] has quit [Changing host] 14:37 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 14:44 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 14:54 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 15:06 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 15:07 -!- Rolybrau [~Rolybrau@33-97.3-85.cust.bluewin.ch] has joined #openvpn 15:07 -!- Rolybrau [~Rolybrau@33-97.3-85.cust.bluewin.ch] has quit [Changing host] 15:07 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 15:08 -!- mgorbach is now known as zz_mgorbach 15:17 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Quit: ErichG] 15:54 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds] 16:04 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn 16:04 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host] 16:04 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 16:05 -!- newl [~newl@97.75.165.156] has joined #openvpn 16:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 16:14 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has joined #openvpn 16:22 -!- eutheria [~eutheria@cpc7-cmbg14-2-0-cust43.5-4.cable.virginmedia.com] has joined #openvpn 16:30 -!- eutheria [~eutheria@cpc7-cmbg14-2-0-cust43.5-4.cable.virginmedia.com] has quit [Ping timeout: 252 seconds] 16:31 -!- eutheria [~eutheria@cpc7-cmbg14-2-0-cust43.5-4.cable.virginmedia.com] has joined #openvpn 16:34 -!- 
Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has left #openvpn [] 16:34 -!- Schnabeltier [Schnabel3@ist.verliebt.in.seinen.bouncer.von.bouncer-paradise.com] has joined #openvpn 16:35 < Schnabeltier> !welcome 16:35 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 16:36 < Schnabeltier> !goal 16:36 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 16:37 < Schnabeltier> !readirect 16:37 < Schnabeltier> !redirect 16:38 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 16:38 < Schnabeltier> !def1 16:38 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. 
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 16:39 * Schnabeltier alleready confused 16:39 < Schnabeltier> !ipforward 16:39 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward 16:39 < Schnabeltier> !linipforward 16:39 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware 16:41 < Schnabeltier> !nat 16:41 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !winnat and !fbsdnat for specific howto 16:41 < Schnabeltier> !linnat 16:41 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat 16:57 -!- okamis_ [2eef7d06@gateway/web/freenode/ip.46.239.125.6] has joined #openvpn 16:58 < okamis_> Hi, I have set up a routed connection by the arch wiki guide, I just wonder why I lose my lan connection when I start the openvpn server 17:14 < dioz> redirect policy? 
17:19 -!- newl [~newl@97.75.165.156] has quit [Quit: Lost terminal] 17:21 -!- newl [~newl@97.75.165.156] has joined #openvpn 17:21 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 17:25 -!- WaGE [~wormwood@c-174-48-233-198.hsd1.md.comcast.net] has quit [Ping timeout: 260 seconds] 17:25 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 17:31 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 17:36 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 17:44 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 17:52 < krzee> okamis_, we dont know, use, or care about the arch wiki guide 17:52 < krzee> !welcome 17:52 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 17:53 <@vpnHelper> RSS Update - forum: Can ping everything, except VPN Server LAN IP 18:07 < okamis_> !route 18:07 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 18:09 -!- kardus [~kardus@silph.co] has joined #openvpn 18:35 < okamis_> !redirect 18:35 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. 
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 18:36 < okamis_> !dns 18:36 <@vpnHelper> "dns" is (#1) Level3 open recursive DNS server at 4.2.2.[1-6] or (#2) Google open recursive DNS server at 8.8.8.8 / 8.8.4.4 or (#3) you might be looking for !pushdns 18:37 < okamis_> !def1 18:37 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1" 18:38 -!- grendal-prime [~sgraham@2001:470:822a:200:1e75:8ff:fe48:dfef] has quit [Ping timeout: 260 seconds] 18:40 < newl> !strongswan 18:41 < Olipro> OpenVPN is not IPSec 18:49 < krzee> !notcompat 18:49 <@vpnHelper> "notcompat" is (#1) IPSEC and PPTP are _not_ compatible with OpenVPN. OpenVPN uses SSL whereas PPTP and IPSEC use proprietary protocols and therefore cannot be compatible. or (#2) OpenVPN only connects to OpenVPN 18:53 < newl> Olipro: no kidding 18:54 < Olipro> you know there's a strongswan IRC channel right? 18:54 < Olipro> on this very network 18:54 < newl> no way ... is it called #strongswan?? who would a guessed - been there for years bud 18:56 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 18:56 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 18:56 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 18:56 -!- mode/#openvpn [+v Axeman] by ChanServ 18:57 < Olipro> then that makes your querying the channel bot with "!strongswan" appear all the more bizarre 18:58 < newl> as does your response 19:03 <+EugeneKay> Ladies, please. 19:03 -!- JoeGazz84 is now known as joegazz 19:04 <+EugeneKay> Can't we all get along? 
19:06 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2 19:10 -!- Denial [Denial@drgi.co.uk] has quit [] 19:18 -!- tekzilla [~jon@hmbg-5f77c405.pool.mediaWays.net] has quit [Ping timeout: 248 seconds] 19:18 -!- okamis_ [2eef7d06@gateway/web/freenode/ip.46.239.125.6] has quit [Ping timeout: 258 seconds] 19:20 -!- tekzilla [~jon@hmbg-4d06ad17.pool.mediaWays.net] has joined #openvpn 19:27 < Olipro> good old vpnHelper with those RSS updates 19:27 < Olipro> because the channel can never have enough stupid 19:28 < Olipro> internat exploder wont route thru my VPN, plz halp! 19:29 < dioz> what's wrong with ie? 19:29 < dioz> i primarily use ie 19:29 < krzee> !windows 19:29 <@vpnHelper> "windows" is (#1) pcs are like air conditioners, they work fine unless you open windows or (#2) http://secure-computing.net/files/windows.jpg for funny or (#3) http://secure-computing.net/files/windows_2.jpg for more funny 19:29 < dioz> not funny at all 19:30 < krzee> not joking 19:30 < krzee> :-p 19:31 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds] 19:34 < newl> Olipro: must be nice to be so superior to everyone else 19:39 -!- APTX_ is now known as APTX 19:40 <+JodaZ> newl, it is 19:41 <+JodaZ> why is routing always so rocket sciency 19:43 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 19:45 <+havoc> routing is easy; finding the typo not so much ;) 19:45 <+JodaZ> routing isn't easy 19:45 <+JodaZ> not even subnet masks are, i mean when theres a gui for it, couldn't they at least show how they match ? with like bits and colour ? 19:46 <+havoc> eh, well to me it makes sense 19:46 <+havoc> but I still have problems with it, usually a typo that takes me forever to find :( 19:49 <+havoc> that or some other colosally stupid mistake 19:50 <+JodaZ> how does routing work again ? you specify a ip+mask+interface for where packets go out for that ipmask match ? 
19:50 <+havoc> don't think about masks, that'll mess you up 19:51 <+havoc> they matter, but not before you understand the rest 19:51 <+havoc> it's all about the "hops" 19:52 <+havoc> if you have points A, B, and C, and you want to get to C from A via B, the B needs to know about (i.e. have a route to) A and C 19:52 <+havoc> a route is a direction for packets to the next "hop" 19:52 <+JodaZ> so what parameters does a route have ? 19:53 <+havoc> the route on A for A to B would actually be the address of B 19:53 <+havoc> at most basic it's an address, mask, and gateway 19:53 <+havoc> with an optional interface and/or metric 19:54 <+havoc> but metrics are for graph theory, you don't need to know that ;) 19:54 <+JodaZ> gateway is an ip that is looked up to a mac thats then used, right ? 19:54 <+havoc> gateway and interfaces can be used *almost* interchangeably 19:54 <+JodaZ> wat 19:54 <+havoc> that just tells the packets which exit door to use 19:55 <+JodaZ> just because an interface has its own default gateway you don't need to only use that to ever route over that interface, do you ? 19:55 <+havoc> *or* which door leads to the destination they already know (from the route) that they need to get to 19:55 -!- pranq [pranq@unaffiliated/contempt] has quit [Read error: Operation timed out] 19:56 <+havoc> default gateway is something slightly different 19:56 -!- zz_mgorbach is now known as mgorbach 19:58 -!- _julian [~quassel@hmbg-4d069186.pool.mediaWays.net] has joined #openvpn 19:58 <+havoc> JodaZ: I'd try to help/explain more, but it's my bedtime 19:59 <+JodaZ> same here pretty much 19:59 <+JodaZ> good night 19:59 -!- pranq [pranq@unaffiliated/contempt] has joined #openvpn 20:00 < mgorbach> Anyone out there familiar with tcpdump? 20:00 < mgorbach> I'm troubleshooting an OpenVPN performance issue and trying to understand why tcpdump is reporting large numbers of packets "dropped by interface." 
20:01 < newl> it ain't that hard - i can even do it 20:02 <@ecrist> what interface dropped them? 20:02 -!- _julian_ [~quassel@hmbg-4d06ae95.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 20:02 < mgorbach> The interface on my openvpn server, which is masquerading. 20:02 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 20:03 < mgorbach> I am noticing good performance downloading from the openvpn server itself, but slow performance downloading from other machines on its subnet. 20:03 < newl> are you talking about when you end tcpdump and it says # dropped packets? 20:03 < newl> those are packets you didn't have it collect 20:03 -!- grendal-prime [~sgraham@c-67-187-145-117.hsd1.ca.comcast.net] has joined #openvpn 20:04 < mgorbach> It says "0 dropped by filter, 0 dropped by kernel, dropped by interface" 20:06 < mgorbach> Oh, maybe dropped by interface means that they were dropped because they were not on the specific interface. 20:06 < newl> what is your command line 20:08 <@ecrist> mgorbach: the interface will drop packets that it receives, but which were not destined for it 20:08 < mgorbach> Ah 20:09 < mgorbach> ecrist: So that makes sense in the case of masquerading? 20:09 <@ecrist> sure 20:10 < newl> promiscuousness 20:10 <@ecrist> it tells me you have a device sending traffic to an interface, and you're doing something wrong. 20:11 < mgorbach> Hmm 20:11 < mgorbach> ecrist: The problem I'm troubleshooting is this: https://forums.openvpn.net/topic9553.html 20:11 <@vpnHelper> Title: OpenVPN Support Forum OpenVPN Routed Performance Issue : Configuration (at forums.openvpn.net) 20:12 < mgorbach> Basically, download from the VPN server itself is fast. Download from any other machine on its LAN subnet is slow. 20:12 < mgorbach> And I can't figure out why. 20:16 -!- novaflash is now known as novaflash_away 20:17 <@ecrist> mgorbach: one would argue you're doing it wrong 20:17 < mgorbach> ecrist: How so? 
20:17 <@ecrist> you should have your openvpn server in between your airport extreme and your internet gateway 20:17 <@ecrist> let the AE be an AP 20:18 < mgorbach> ecrist: Why is that a better design? (Sorry, quite new to networks). 20:19 <@ecrist> if you're new to networks, you really have no business messing with masquerading. 20:19 -!- pa [~pa@unaffiliated/pa] has quit [Read error: Operation timed out] 20:20 < mgorbach> ecrist: The issue is that I have an old AppleTV I've hacked into a Gentoo linux server. I want it to be an OpenVPN gateway for me, so I don't have to keep my other machines on. 20:20 < mgorbach> Because the AE is my gateway, I can't do static routes, so masquerading was the only way to allow the OpenVPN clients to access the server subnet, as I understood it. 20:20 < mgorbach> And it does _work_, it just seems to have horrible performance issues that I don't understand. 20:20 <@ecrist> right, and I'm not a linux guy, and your issue isn't openvpn 20:21 <@ecrist> it's the masquerading 20:21 < mgorbach> I figured that, given that the connection is performing great to the server directly. 20:21 <@ecrist> !notopenvpn 20:21 <@vpnHelper> "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem 20:22 < mgorbach> But does masquerading have known problems that prevent it from working in my setup? 20:26 <@ecrist> I don't have your setup, so, no known issues, I guess. 20:27 <@ecrist> we do all sorts of redirects and NAT on our network at $work and have no issues. 20:27 <@ecrist> but, we have a properly configured network, as well, with decent kit 20:35 -!- pa [~pa@unaffiliated/pa] has joined #openvpn 20:58 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has quit [Quit: AAAGH! IT BURNS!] 
21:00 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has joined #openvpn 21:07 < codingrobot> i'm looking for a working udp-hole-punching tool similar to http://code.google.com/p/udponnat/ because my server is behind firewall. any ideas? 21:07 <@vpnHelper> Title: udponnat - UDPonNAT is a PROXY for UDP application. With UDPonNAT, you can make your UDP application server to provide service behind the NAT device. - Google Project Hosting (at code.google.com) 21:09 -!- newl [~newl@97.75.165.156] has quit [Quit: Reconnecting] 21:09 -!- newl [~newl@97.75.165.156] has joined #openvpn 21:17 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 21:26 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 21:34 -!- |rt| [~realthing@24-181-237-193.dhcp.oxfr.ma.charter.com] has joined #openvpn 21:34 < |rt|> Has anyone seen the OpenVPN GUI not prompt the user for their username and password? 21:40 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 21:45 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 21:45 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 21:45 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 21:46 -!- mode/#openvpn [+v Axeman] by ChanServ 21:51 < |rt|> Looks like the newest version has resolved the issue. Must have been a bug in the GUI somewhere 21:52 -!- newl [~newl@97.75.165.156] has quit [Quit: leaving] 21:56 <@vpnHelper> RSS Update - forum: OpenVPN Clients Automation 22:03 -!- troyt [~troyt@c-24-10-222-127.hsd1.ut.comcast.net] has quit [Quit: AAAGH! IT BURNS!] 
22:05 -!- codingrobot [~codingrob@heim-032-63.raab-heim.uni-linz.ac.at] has left #openvpn [] 22:09 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:17 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 22:21 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Client Quit] 22:24 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 22:41 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 22:50 -!- jameslordhz [~jack@60.12.143.54] has joined #openvpn 22:50 <@vpnHelper> RSS Update - forum: OpenVPN routing fails, but only sometimes. (windows client) 23:08 -!- twister004 [~chatzilla@59.90.104.109] has joined #openvpn 23:28 -!- mgorbach is now known as zz_mgorbach 23:43 -!- X0Rc0re [~chatzilla@203-206-23-97.dyn.iinet.net.au] has joined #openvpn 23:51 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway --- Day changed Wed Jan 11 2012 00:05 -!- grendal-prime [~sgraham@c-67-187-145-117.hsd1.ca.comcast.net] has quit [Quit: Ex-Chat] 00:31 <@vpnHelper> RSS Update - forum: Can´t connect to VPN 00:38 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 00:43 -!- nur [~nur@86.98.17.198] has quit [Quit: Leaving] 00:48 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 01:01 <@vpnHelper> RSS Update - forum: Website Audit: What Really is It? 
01:12 -!- X0Rc0re [~chatzilla@203-206-23-97.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 01:13 -!- novaflash_away is now known as novaflash 01:20 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 01:20 -!- mode/#openvpn [+o mattock] by ChanServ 01:32 -!- jameslordhz [~jack@60.12.143.54] has left #openvpn [] 01:34 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 01:49 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection 01:53 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 02:01 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP || Routing to VPN stil not working with Open VPN2.2.2 || Routes problem, ping not into LAN 02:06 -!- Champi [Champi@rootshell.fr] has quit [Ping timeout: 252 seconds] 02:07 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway 02:18 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 268 seconds] 02:18 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 02:41 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:47 -!- kardus [~kardus@silph.co] has left #openvpn [] 02:50 -!- twister004 [~chatzilla@59.90.104.109] has quit [Quit: ChatZilla 0.9.88 [Firefox 9.0.1/20111220165912]] 03:13 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 248 seconds] 03:14 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 03:19 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 03:19 -!- X0Rc0re [~chatzilla@203-206-23-97.dyn.iinet.net.au] has joined #openvpn 03:22 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 03:24 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 03:31 -!- Champi [Champi@rootshell.fr] has joined #openvpn 03:32 -!- eutheria [~eutheria@cpc7-cmbg14-2-0-cust43.5-4.cable.virginmedia.com] has quit [Quit: Mankind is obsolete] 03:36 <@vpnHelper> RSS 
Update - forum: redirect traffic to tunnel of one out of 2 network adapter || route traffic of one network adapters, two connected 03:46 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 04:06 -!- X0Rc0re [~chatzilla@203-206-23-97.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 04:16 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 04:16 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 04:16 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:18 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter 04:22 -!- master_of_master [~master_of@p57B554F2.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:23 -!- pqatsi [~leleobhz@unaffiliated/leleobhz] has joined #openvpn 04:24 -!- master_of_master [~master_of@p57B52E1B.dip.t-dialin.net] has joined #openvpn 04:24 -!- pa [~pa@unaffiliated/pa] has quit [Quit: Sto andando via] 04:25 < pqatsi> Someone have a theory for an openvpn that doesn't pass any traffic more or less in a day or 2, with or without traffic? 04:25 < pqatsi> (And sometimes fails when I'm doing something within vpn) 04:36 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 04:42 <@vpnHelper> RSS Update - forum: Website Audit: What Really is It? || Routes problem, ping not into LAN || redirect traffic to tunnel of one out of 2 network adapter 04:46 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds] 04:52 -!- eutheria [~francis@host81-137-110-129.in-addr.btopenworld.com] has joined #openvpn 04:54 < eutheria> i was wondering if there is an 'easier' windows client to use, one that doesn't require me to run the client as admin? 
04:54 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 04:56 -!- eutheria [~francis@host81-137-110-129.in-addr.btopenworld.com] has quit [Quit: Mankind is obsolete] 04:59 -!- X0Rc0re [~chatzilla@203-59-89-93.dyn.iinet.net.au] has joined #openvpn 04:59 <@vpnHelper> RSS Update - forum: OpenVPN N2N setup with IPfire 04:59 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn 05:02 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 05:10 -!- X0Rc0re [~chatzilla@203-59-89-93.dyn.iinet.net.au] has quit [Ping timeout: 240 seconds] 05:12 -!- fluter [~fluter@125.34.78.155] has joined #openvpn 05:12 -!- fluter [~fluter@125.34.78.155] has quit [Changing host] 05:12 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 05:34 <@vpnHelper> RSS Update - forum: OpenVPN N2N setup with IPfire 05:35 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 05:40 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 05:40 -!- mode/#openvpn [+o raidz] by ChanServ 05:40 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 05:43 -!- Netsplit *.net <-> *.split quits: bigpaws, takamichi, Rolybrau, skynet-2000 05:47 -!- Netsplit over, joins: takamichi, Rolybrau, skynet-2000, bigpaws 06:03 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 06:05 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 06:13 -!- Tick-Tock [~Tick-Tock@2607:f358:1:fed5:22:0:b683:4295] has quit [Quit: ZNC - http://znc.in] 06:14 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has quit [Ping timeout: 276 seconds] 06:16 -!- qiyong [~qiyong@60.23.248.82] has joined #openvpn 06:17 < qiyong> i want clients behind tun0 and tun1 see each other 06:17 < qiyong> i have tun0 and tun1 06:17 < qiyong> anyone help me with linux ip route? 
06:17 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has joined #openvpn 06:19 -!- pa [~pa@unaffiliated/pa] has joined #openvpn 06:25 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has joined #openvpn 06:28 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 06:28 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 06:28 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 06:28 -!- mode/#openvpn [+v Axeman] by ChanServ 06:38 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 06:41 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 06:47 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 06:53 < |Mike|> snip those < > off ktnx 06:53 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter 06:54 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 06:56 -!- fluter [~fluter@fedora/fluter] has quit [Ping timeout: 260 seconds] 07:05 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter 07:06 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has joined #openvpn 07:11 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 07:14 <+havoc> any of you guys run shorewall? 
07:14 <+havoc> I'm only curious; no other reason for asking 07:14 -!- Diffen [~diffen@80.78.212.242] has joined #openvpn 07:14 -!- dazo_afk is now known as dazo 07:15 <+havoc> I generally get new users to use it as it simplifies [for them] setting up all the routing 07:16 <+havoc> ("routing" being used generically here) 07:20 -!- mrsno_ [~sno@static.153.209.46.78.clients.your-server.de] has quit [Ping timeout: 240 seconds] 07:21 -!- mrsno_ [~sno@static.153.209.46.78.clients.your-server.de] has joined #openvpn 07:23 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7 || Invalid Subnet Mask and no Default Gateway 07:26 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 07:28 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 07:28 <@vpnHelper> RSS Update - forum: Help setting upTunnel 07:35 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway 07:39 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Read error: Connection reset by peer] 07:39 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 07:41 <@vpnHelper> RSS Update - forum: Problem connecting to SQL Server through OpenVpn tunnel || Invalid Subnet Mask and no Default Gateway 07:47 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway 07:49 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 07:54 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 252 seconds] 07:54 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 07:57 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 07:59 <@vpnHelper> RSS Update - forum: Can ping everything, except VPN Server LAN IP || Routes problem, ping not into LAN 08:02 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 240 seconds] 08:02 -!- stdudz 
[~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has joined #openvpn 08:04 -!- Beave [~champ@bundy.vistech.net] has quit [Ping timeout: 255 seconds] 08:04 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 08:04 -!- Beave [~champ@bundy.vistech.net] has joined #openvpn 08:05 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 08:06 -!- takamichi [~pri@217.23.4.104] has joined #openvpn 08:06 < stdudz> Hello, I am trying to find a way to alter or scramble the tls handshake so that l7-filters can't detect it. Can anyone point me in the right direction as to what is needed to do this? 08:07 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 08:08 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 08:08 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 08:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 08:08 -!- mode/#openvpn [+v Axeman] by ChanServ 08:11 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway 08:14 < stdudz> I am studying the source and have found some info, c2.tls_multi seems to be important, I believe other people have achieved implementing such a feature 08:27 <@dazo> stdudz: that's going to be immensely difficult ... basically the OpenVPN protocol is standard SSL with an extra package in front ... this is to allow SSL over UDP (SSL is strictly designed for TCP) 08:27 <@dazo> so this extra package contains some info which UDP is lacking over TCP ... like packet sequence numbering 08:27 <@dazo> and this is why l7 filters identify openvpn traffic 08:33 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:34 -!- pqatsi [~leleobhz@unaffiliated/leleobhz] has quit [Ping timeout: 268 seconds] 08:35 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 252 seconds] 08:36 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 08:36 < stdudz> Thanks for responding dazo. 
Could altering the construction of the additional section in some way be enough to evade detection from the l7 filters you think? 08:37 < stdudz> rather than scrambling it 08:38 <@dazo> stdudz: if you do that, your implementation of OpenVPN will not be compatible with other versions of OpenVPN .... depending on how clever the l7 filter is, it might work .... but if you use 443/tcp ... the filter might only allow proper SSL packets there 08:47 < stdudz> Sorry i forgot to say, I have control of both clients and servers so incompatibility with standard openvpn is no problem. I'll keep investigating the source 08:48 -!- RamsesFSFE [~RamsesFSF@internetautobahn.de] has joined #openvpn 08:51 -!- Nike [~nikenike@82-171-252-6.ip.telfort.nl] has joined #openvpn 08:51 < RamsesFSFE> Hi all, I've got a problem with OpenVPN running on the tap-Device. Both server and client start without errors, and obviously, I can send packets through the VPN but don't receive any. The openvpn-status.log on the server shows much more outgoing traffic than ifconfig on the client side. The tap0 device on the client side always receives only 42 bytes. What could I do to find out what the problem is? 08:52 < Nike> hello all, is it possible to leave eth0 as it was and also use that interface as the bridge interface for the tap device? 08:52 -!- vocis [~vocis@gateway/tor-sasl/voidzero] has left #openvpn [] 08:56 < Nike> it seems to work if i give 192.168.1.1 to the eth0, start the openvpn stuff with tap on 192.168.1.2 and then assign 192.168.1.2 again to eth0 08:56 < Nike> is this a good setup? 
08:59 -!- Nike [~nikenike@82-171-252-6.ip.telfort.nl] has quit [Read error: Connection reset by peer] 08:59 -!- Nike_ [~nikenike@82-171-252-6.ip.telfort.nl] has joined #openvpn 09:06 -!- Nike [~nikenike@82-171-252-6.ip.telfort.nl] has joined #openvpn 09:06 -!- Nike_ [~nikenike@82-171-252-6.ip.telfort.nl] has quit [Read error: Connection reset by peer] 09:06 -!- RamsesFSFE [~RamsesFSF@internetautobahn.de] has left #openvpn ["Verlassend"] 09:09 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway || Routes problem, ping not into LAN 09:11 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 09:11 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 09:13 -!- fluter [~fluter@fedora/fluter] has quit [Remote host closed the connection] 09:14 -!- |rt| [~realthing@24-181-237-193.dhcp.oxfr.ma.charter.com] has left #openvpn [] 09:14 -!- Nike_ [~nikenike@82-171-252-6.ip.telfort.nl] has joined #openvpn 09:14 -!- Nike [~nikenike@82-171-252-6.ip.telfort.nl] has quit [Read error: Connection reset by peer] 09:14 -!- Nike_ is now known as Nike 09:14 <@vpnHelper> RSS Update - forum: NYC Server specialists - Technology business solutions 09:16 -!- Diffen [~diffen@80.78.212.242] has quit [Quit: This computer has gone to sleep] 09:17 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 09:19 -!- mattock [~samuli@openvpn/corp/admin/mattock] has left #openvpn [] 09:21 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 09:22 < Nike> how am i supposed do this: i run services on eth0 09:22 < Nike> i want to run an openvpn service on that machine 09:23 < Nike> what is the right way? 
09:26 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has joined #openvpn 09:27 < rob0> !bridging 09:27 < rob0> !tap 09:27 <@vpnHelper> "tap" is "bridge" is (#1) http://openvpn.net/index.php/documentation/faq.html#bridge1, or (#2) http://openvpn.net/index.php/documentation/miscellaneous/ethernet-bridging.html, or (#3) Bridging looks like a good choice to people who don't know how to set up IP routing, but to learn routing is generally far better., or (#4) useful for windows sharing (without wins server) and LAN gaming, anything where the 09:27 <@vpnHelper> protocol uses MAC addresses instead of IP addresses. 09:32 -!- Nike [~nikenike@82-171-252-6.ip.telfort.nl] has quit [Ping timeout: 248 seconds] 09:32 <@vpnHelper> RSS Update - forum: Open VPN library for Ubuntu and Mac 09:37 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has quit [Read error: Connection reset by peer] 09:37 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 09:38 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has joined #openvpn 09:40 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 09:40 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 09:41 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 09:42 -!- tmus [~tmus@host-230-227.adsl.gl] has joined #openvpn 09:42 -!- phaedra [~phaedra@pdpc/supporter/monthlybyte/phaedra] has joined #openvpn 09:43 < tmus> Hi all - All my licenses disappeared from my OpenVPN-AS machine... Trying to re-add yields: Support for the licenses expired on december 23rd, but surely that's not the problem...(?) 09:47 <@dazo> !as 09:47 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 09:47 <@dazo> tmus: ^^ 09:47 < tmus> dazo, thanks :-) 09:48 < ErichG> pardon the remedial question - but if I want to create a private subnet, can I just create a tap interface without bridging with a real interface? 
09:49 <@dazo> ErichG: yes, and that's the recommended approach ... also called "routed setup" 09:50 < ErichG> meaning a routed bridge (NAT on VPN server), rather than a "routed" vpn? 09:50 <@dazo> ErichG: in such setups you can also use TUN mode (instead of TAP, which bridging requires), which gives you less overhead on the tunnel as well 09:51 <@dazo> ErichG: I don't understand that question 09:51 < ErichG> yes - I understand that part, thanks. 09:52 < ErichG> sorry, I mean - I want to create a bridged VPN, but I don't want to route anything to the net, just let the clients all share the interface.. I understand I can create a tun based vpn as an alternative, but I'm specifically trying to bridge a private subnet. 09:52 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has quit [Read error: Connection reset by peer] 09:52 < ErichG> also... 09:53 <@dazo> ErichG: ahh, okay ... well, when you bridge the traffic, it's impossible to say which traffic came from LAN or VPN .... as those two are "merged" together 09:54 < ErichG> yes.. I mean that I could route traffic from that interface to another using iptables if I wanted to... 09:54 <@dazo> so if you want LAN to access the Internet and not VPN clients ... then you have no chance with bridging 09:54 <@dazo> (as firewalling will happen against the brX device) 09:55 <@dazo> maybe ebtables have some features which can solve that, but I don't know ebtables enough to say 09:55 <@dazo> ErichG: basically, what I think you're trying to solve ... using bridging will just make things very much complicated .... 09:56 <@dazo> is there a reason you need bridging to start with? 09:56 < ErichG> yes, please don't beat me up about bridging vs routing... there are reasons I need to bridge these networks. 09:56 < ErichG> lol 09:57 < ErichG> the real issue is that I can't get bridging working under OSX, whereas this all works perfectly running the server under linux. 
09:58 <@dazo> it's just that you route and firewall the bridge interface .... so if what you bridge together will have the same privileges, then it's nothing else than standard network setups .... but if what you bridge should behave differently, then you're into a painful path of disappointments 09:58 <@dazo> ErichG: bridging on OSX arrived first on the latest OSX release, whatever that was again ... ecrist might know something here 09:59 < ErichG> I heard from someone (possibly you) that he had discovered an issue in osx... I do have a bridge constructed 09:59 < ErichG> I know it's new 09:59 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has joined #openvpn 10:00 <@dazo> I might be the guilty one .... but I don't recall ;-) 10:00 < ErichG> time flies! 10:00 <@dazo> :) 10:04 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn 10:07 < ErichG> I think my question is basically... and I realize this is super remedial... Does OpenVPN server take the traffic it's seeing on the public interface and copy it to the tap interface, or is it relying on the tap interface being bridged with a public interface? 10:08 -!- tmus [~tmus@host-230-227.adsl.gl] has quit [Ping timeout: 240 seconds] 10:09 <@vpnHelper> RSS Update - forum: Wrong Time in Logs 10:16 * ecrist is here. 10:17 <@ecrist> ErichG: you need to bridge the interfaces in the kernel for that behavior 10:17 <@ecrist> openvpn doesn't do that itself. 10:17 < ErichG> got it... makes sense.. 10:18 -!- smerz [~smerz@smerz.demon.nl] has joined #openvpn 10:18 < ErichG> meanwhile - ecrist, have you found something about the new bridge feature in Lion? 10:18 <@ecrist> it works 10:20 < ErichG> that's good to know, as I don't seem to be getting it to work.. is it critical that the ip be reassigned from en0 to the bridge? It lets me add en0 while letting it keep its ip... 
10:21 <@vpnHelper> RSS Update - forum: Invalid Subnet Mask and no Default Gateway 10:21 <@ecrist> as far as i know, there's no graphical tools, you have to do everything on the command line. 10:21 <@ecrist> no, which interface has the IP should be irrelevant. 10:22 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 10:22 < ErichG> that's what I thought.. in linux, when you add an interface to a bridge, it strips its ip and then you have to assign it to bridge itself. 10:22 < ErichG> it's great that OSX doesn't do that 10:23 < ErichG> nevertheless... my bridge doesn't work - the router (tomatoVPN) can ssh across the tunnel to the Server and vice versa, yet the other machines behind tomato can't see the server and vice versa. 10:25 < ErichG> if you can confirm you've had a working bridging server running under Lion - I'll just keep banging my head against it until I figure out what I've done wrong... lol. 10:25 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has quit [Read error: Connection reset by peer] 10:25 <@ecrist> OS X's bridge interface is based on what freebsd has 10:26 <@ecrist> ErichG: I have had a working bridge on OS X Lion, but it wasn't related to openvpn. are you making sure you 'up' the bridge interface, after it's created? 10:26 <@ecrist> that's what most people forget 10:26 <@ecrist> ifconfig bridge0 create up 10:27 < ErichG> ecrist: I'll do that explicitly.. ifconfig seems to report its up.. if that's what it is - I may shoot myself. lol 10:28 <@ecrist> pastebin your ifconfig output 10:28 < ErichG> will do - rebuilding the bridge.. one sec 10:28 <@ecrist> ok 10:30 -!- Irssi: #openvpn: Total of 143 nicks [5 ops, 0 halfops, 36 voices, 102 normal] 10:31 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 10:31 -!- vpnHelper [~vpn@openvpn/bot/vpnHelper] has quit [Quit: Ctrl-C at console.] 
10:32 -!- vpnHelper [~vpn@openvpn/bot/vpnHelper] has joined #openvpn 10:32 -!- mode/#openvpn [+o vpnHelper] by ChanServ 10:32 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 276 seconds] 10:34 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has joined #openvpn 10:35 < ErichG> ecrist: http://pastebin.com/hLG1hJe7 10:37 <@ecrist> looks fine to me 10:38 < ErichG> cool... I'll connect to the vpn and see what the result is. 10:39 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has quit [Read error: Connection reset by peer] 10:41 -!- phaedra [~phaedra@pdpc/supporter/monthlybyte/phaedra] has quit [Quit: Leaving] 10:44 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 268 seconds] 10:45 -!- Diffen [~diffen@90-231-44-70-no32.tbcn.telia.com] has joined #openvpn 10:47 <@ecrist> ErichG: I'm firing up a bridge on this end, too, to see if it works. 10:49 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 268 seconds] 10:52 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn 10:53 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Ping timeout: 252 seconds] 10:56 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection || Invalid Subnet Mask and no Default Gateway 10:59 -!- Azrael808 [~peter@212.161.9.162] has quit [Read error: Operation timed out] 11:00 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 11:11 < rob0> Captain, report to the bridge. 
11:11 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 11:12 < jeev> oh no 11:12 < jeev> rob0 is following me again 11:13 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 11:21 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has quit [Ping timeout: 252 seconds] 11:22 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 11:26 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 11:28 <@ecrist> ErichG: I do find one particular problem with bridging on OS X, as I test it 11:29 <@ecrist> I have to re 'up' the interfaces in the bridge (the ones without IPs) 11:31 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Remote host closed the connection] 11:32 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 240 seconds] 11:35 <@ecrist> ifconfig bridge0 create addm tap0 addm en0 up 11:36 <@ecrist> that works for me without a problem, and I actually didn't have to up the interfaces again 11:38 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 11:38 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has joined #openvpn 11:42 -!- ErichG_ [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 11:45 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 11:45 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 240 seconds] 11:45 -!- ErichG_ is now known as ErichG 11:46 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 11:49 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 11:50 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Ping timeout: 255 seconds] 11:56 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection 11:58 -!- Homeman [~Homeman@0x5739dcae.roennqu1.dynamic.dsl.tele.dk] has joined 
#openvpn 11:59 < Homeman> Googled this a bit, but didn't find an answer, is it possible to forward all the clients connections on let's say port 80 to an internal ip and port like 127.0.0.1:XxxX 12:00 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Remote host closed the connection] 12:02 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN || Invalid Subnet Mask and no Default Gateway 12:03 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has joined #openvpn 12:04 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Remote host closed the connection] 12:09 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 12:13 <@ecrist> ErichG: I tested, and bridging works fine 12:13 <@ecrist> 11:35:57 <@ecrist> ifconfig bridge0 create addm tap0 addm en0 up 12:13 <@ecrist> 11:36:12 <@ecrist> that works for me without a problem, and I actually didn't have to up the interfaces again 12:14 < ErichG> ecrist: that works for me fine, in terms of creating the bridge.. but when I connect with openvpn, I can't ping the server from behind the tomato router 12:15 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Remote host closed the connection] 12:15 <@ecrist> I tested that exact thing, though 12:15 <@ecrist> I'm on a laptop, connected to our work network over openvpn 12:15 < ErichG> and you have a bridging server running on OSX? 12:16 < ErichG> not the client... 12:16 <@ecrist> I connected my wife's laptop (via ethernet) and assigned it an IP on our VPN subnet, and it can connect to all our company resources without a problem. 12:16 <@ecrist> it doesn't matter if it's an openvpn client or server 12:16 < ErichG> well.. in my case.. it seems to 12:16 <@ecrist> the bridging is at the kernel level, not the openvpn (application) layer 12:17 <@ecrist> well, I'm not your admin, so I can't speak to your setup, but I am confirming bridging DOES work on openvpn 12:17 < ErichG> that's great news... 
12:19 < ErichG> what I'm experiencing is that when running as a server under OSX, that when the same exact client router connects to the same configuration, I can't ping across the tunnel from behind the router, whereas in the linux server setup exactly the same way, it works perfectly. 12:19 -!- Homeman [~Homeman@0x5739dcae.roennqu1.dynamic.dsl.tele.dk] has left #openvpn [] 12:20 < ErichG> with the OSX machine networking setup as per the ifconfig output you saw earlier. 12:20 < ErichG> weird 12:22 < ErichG> again, I can ssh across the tunnel from the tomato router itself 12:22 < ErichG> anyway - thanks for the help and input! 12:26 <@ecrist> no problem 12:27 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 12:30 -!- novaflash is now known as novaflash_away 12:31 -!- Diffen [~diffen@90-231-44-70-no32.tbcn.telia.com] has quit [Quit: This computer has gone to sleep] 12:51 -!- novaflash_away is now known as novaflash 12:56 <@vpnHelper> RSS Update - forum: Browser not routing through openvpn connection 13:00 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has quit [Ping timeout: 244 seconds] 13:11 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 13:13 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has joined #openvpn 13:16 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 13:20 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 13:20 < JoeyJoeJo> How do I set up clients for split tunnelling? 
13:21 < pwrcycle> !route 13:21 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 13:21 < JoeyJoeJo> Thanks 13:23 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 13:31 -!- LetsGo [~LetsGo@unaffiliated/letsgo] has joined #openvpn 13:40 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 13:41 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 13:41 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Client Quit] 13:46 -!- sukima [suki@gateway/shell/blinkenshell.org/x-debjrajdhxsvmtoz] has joined #openvpn 13:47 < sukima> !welcome 13:47 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 13:48 < sukima> !redirect 13:48 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. 
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 13:48 < sukima> !ipforward 13:48 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward 13:49 < sukima> !osxipforward 13:49 <@vpnHelper> "osxipforward" is (#1) sysctl -w net.inet.ip.forwarding=1 for a temp solution or (#2) add IPFORWARDING=-YES- in /etc/hostconfig for a permanent solution 13:49 < sukima> !nat 13:49 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !winnat and !fbsdnat for specific howto 13:52 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 13:52 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 13:53 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 13:54 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has quit [Ping timeout: 244 seconds] 13:58 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 13:59 < hyper_ch> krzee: raspberry pi news - http://arstechnica.com/gadgets/news/2012/01/raspberry-pis-35-700mhz-linux-computer-enters-manufacturing.ars 13:59 <@vpnHelper> Title: Raspberry Pi's $35, 700MHz Linux computer enters manufacturing (at arstechnica.com) 14:00 < Essobi> already been reading about that... 14:00 < Essobi> It's a weeee tiny arm. 
14:01 < hyper_ch> I know, I'm going to order a couple
14:01 < hyper_ch> I currently envision two usage cases for them
14:01 < hyper_ch> maybe more later :)
14:01 < hyper_ch> (1) run as backup server - just add two external drives, use the base debian system and setup rsync / ssh backups
14:02 < hyper_ch> (2) run a freeswitch server on it
14:02 <@dazo> could probably also work pretty well as openvpn based client routers
14:02 < hyper_ch> maybe :)
14:03 < hyper_ch> well, for a FS server, you just need a 4gb sd card with the system and FS on it
14:07 < sukima> I have a feeling this is a dumb noob question but I have an OSX server running openvpn and setting redirect-gateway so that the client tunnels all traffic (want secure access through tunnel to internet) Setting ipforward but unable to find info on NAT for mac or on "bridging" is this just not possible on an OSX server?
14:11 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds]
14:12 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn
14:17 < Essobi> hyper_ch: Umm.. don't expect to get too many calls up let alone transcode on freeswitch with that... iirc, no MMU on that ARM.
14:17 < Essobi> I've toyed with arm.
14:18 < hyper_ch> Essobi: I wished I could put somehow a pci isdn card on it
14:19 < Essobi> Uhh.. didn't some guy make a blackfin ATA for asterisk? to give to low-income in africa? that could possibly be changed enough to run an isdn chip.
14:21 < Essobi> http://www.atcom.cn/products_ippbx.html?gclid=COby7PflyK0CFYtX7Aod02JjhA
14:21 <@vpnHelper> Title: IP PBX |Asterisk | ATCOM | VOIP Manufacturer (at www.atcom.cn)
14:21 < Essobi> Those... they're blackfin running asterisk/linux
14:21 < rob0> sukima, the only dumb noob part of it is that you are asking in the wrong place. It is a question about your OS, so it belongs in a place that supports your OS.
14:21 < Essobi> with the ATA interface on the board..
14:22 < Essobi> and there's a BRI model.
14:22 < hyper_ch> Essobi: well, I just wished I could use the low power raspberry pi to also use isdn
14:22 < Essobi> hyper_ch: http://www.voip-info.org/wiki/view/IP-4B
14:23 <@vpnHelper> Title: IP-4B - voip-info.org (at www.voip-info.org)
14:23 < Essobi> well... you're going to need mawr power just to run the ISDN interfaces than the pi uses.
14:23 < Essobi> That IP4B is max 2amps at 12V.
14:24 < Essobi> it'll do about 10-15 calls too.
14:24 < Essobi> whereas that pi will probably do like 2-3...
14:24 < Essobi> If that.
14:25 < Essobi> I had an ARM920T that'd barely do 2 calls.
14:26 < Essobi> Okay okay... So.. is there a way to undo a redirect-gateway issued to a client? I want to mess with not routing all the traffic over the vpn anymore, but the client push is in the server config not the ccd's.. i'd like to edit my ccd and remove that default gw, and start specifying all the network ranges I use...
14:32 -!- Some_Person [~Some_Pers@91.227.125.201] has joined #openvpn
14:33 < Some_Person> Does OpenVPN on the client's end depend more on the upload or download speed?
14:33 < hyper_ch> Essobi: the pi will do more... it has 256mb ram
14:34 < Essobi> Mmm...
14:34 < Essobi> Pi-cluster. nom.
14:34 < Some_Person> I'm trying to stream video through OpenVPN and it isn't very stable. The server appears to have plenty of bandwidth both up and down, but the client's upload speed is unimpressive
14:34 < hyper_ch> Essobi: it even can do full hd :)
14:34 -!- Some_Person [~Some_Pers@91.227.125.201] has quit [Changing host]
14:34 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has joined #openvpn
14:35 < Essobi> hyper_ch: Yea.. my arm920T has USB, ethernet, compact-pci, etc.
14:35 < hyper_ch> hmmm, the PI could also serve as a cheap media server
14:35 < hyper_ch> it can do full hd, has hdmi
14:37 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn
14:42 < Essobi> noice. must have off-loaders.
14:51 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Quit: Leaving] 14:55 -!- sukima [suki@gateway/shell/blinkenshell.org/x-debjrajdhxsvmtoz] has quit [Quit: leaving] 15:30 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Remote host closed the connection] 15:35 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 15:36 < Essobi> hyper_ch: when's the pi hitting the shelf? --- Log closed Wed Jan 11 15:39:00 2012 --- Log opened Wed Jan 11 15:39:16 2012 15:39 -!- ecrist [~ecrist@jaguar-2-red.claimlynx.com] has joined #openvpn 15:39 -!- Irssi: #openvpn: Total of 139 nicks [4 ops, 0 halfops, 36 voices, 99 normal] 15:39 < hyper_ch> Essobi: you probably could put it into a big mac box :) 15:39 -!- Irssi: Join to #openvpn was synced in 30 secs 15:42 < Essobi> sheeit, gun metal black. Look like a tiny flight data recorder. 15:42 < hyper_ch> (or use a big mac box to prevent it from dusting) 15:44 * dazo gets hungry with all this big mac talk .... 15:46 < hyper_ch> better get a double whopper :) 15:47 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 15:48 < hyper_ch> btw: https://verydemotivational.files.wordpress.com/2010/10/demotivational-posters-popemobile.jpg 15:57 -!- LetsGo [~LetsGo@unaffiliated/letsgo] has quit [Quit: Leaving] 16:04 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Remote host closed the connection] 16:12 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 16:14 -!- WaGE [~wormwood@c-174-48-233-198.hsd1.md.comcast.net] has joined #openvpn 16:14 < WaGE> Hello all, aside from expect whats a good way to automate the creation of a client cert? 16:16 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm] 16:28 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 16:38 < hyper_ch> WaGE: magic 16:39 < hyper_ch> magic is a good way to do anything 16:40 < hyper_ch> but do you even need expect? can't you input all info with parameters? 
16:41 <@vpnHelper> RSS Update - forum: Problems connection multiple times with same user 16:46 -!- haggler [hnbc@pool-108-5-105-250.nwrknj.fios.verizon.net] has left #openvpn [] 16:50 < WaGE> hyper_ch: sorry for the delay 16:50 < WaGE> hyper_ch: its cool, I just mangled build-key to use --batch instead of interactive and using env var for CN 16:50 < hyper_ch> :) 16:53 <@vpnHelper> RSS Update - forum: Problems connection multiple times with same user 16:55 -!- dazo is now known as dazo_afk 17:05 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 17:07 < Essobi> .8 17:11 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 17:14 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 17:58 < Essobi> Meh... can you not put a redirect-gateway statement in a ccd? 18:00 < Essobi> When I move the redirect statement from the primary config to a ccd, my config stops working for some reason.. 18:06 < jhp> Hi everybody. I use OpenVPN to connect to my office network. And this works fine for both IPv4 and IPv6. But with IPv6 I have a problem and that is the MAC address of the TAP device that changes everytime resulting in a not so steady IPv6 address on my client. 18:07 < jhp> how do I tell my OpenVPN in NetworkManager to use the MAC address of my ethernet card for the TAP device? Is this possible 18:07 < jhp> ? 18:52 < dioz> ifconfig-pool-persist ipp.txt ??? 19:01 -!- pa [~pa@unaffiliated/pa] has quit [Ping timeout: 240 seconds] 19:02 -!- pa [~pa@unaffiliated/pa] has joined #openvpn 19:03 -!- WaGE [~wormwood@c-174-48-233-198.hsd1.md.comcast.net] has quit [Quit: WeeChat 0.3.6] 19:16 -!- tekzilla [~jon@hmbg-4d06ad17.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:21 -!- tekzilla [~jon@hmbg-4d06db09.pool.mediaWays.net] has joined #openvpn 19:27 < qiyong> i have tun0 and tun1. i want clients behind tun0 and tun1 see each other. how? 
19:28 -!- rooth [rooth@ge.mig.en.redfox.nu] has quit [Ping timeout: 276 seconds] 19:30 -!- rooth [rooth@ge.mig.en.redfox.nu] has joined #openvpn 19:32 < krzee> treat them as lans behind openvpn 19:32 < krzee> tun0 would be a lan behind tun1's openvpn 19:32 < krzee> and tun1 would be a lan behind tun0's vpn 19:32 < krzee> !route 19:32 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 19:37 -!- Denial [Denial@drgi.co.uk] has quit [] 19:39 -!- corretico [~luis@190.211.93.11] has joined #openvpn 19:40 -!- corretico [~luis@190.211.93.11] has quit [Read error: Connection reset by peer] 19:41 -!- corretico [~luis@190.211.93.11] has joined #openvpn 19:53 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn 19:53 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host] 19:53 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 19:57 -!- _julian_ [~quassel@hmbg-4d06ae95.pool.mediaWays.net] has joined #openvpn 19:59 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 19:59 -!- mode/#openvpn [+v Axeman] by ChanServ 20:00 -!- _julian [~quassel@hmbg-4d069186.pool.mediaWays.net] has quit [Ping timeout: 240 seconds] 20:01 -!- joegazz [~JoeGazz84@TechEssentials/JoeGazz84] has quit [Read error: Operation timed out] 20:05 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn 20:07 < qiyong> krzee: on both networks, i added: route add -net xxx gw xxx 20:08 < qiyong> krzee: but it doesn't work 20:10 < krzee> are both processes servers? 20:14 -!- smerz [~smerz@smerz.demon.nl] has quit [Quit: Ex-Chat] 20:16 -!- novaflash is now known as novaflash_away 20:17 -!- newl [~newl@97.75.165.156] has joined #openvpn 20:28 < qiyong> krzee: don't know 20:29 < krzee> umm 20:29 < krzee> its not your setup? 
20:32 < qiyong> krzee: actually, i'm using vtun for quick and dirty setup. i'll migrate to openvpn later
20:38 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
20:39 < krzee> then why are you asking for help here?
20:39 < krzee> ok well heres the quick rundown if you decide to use openvpn
20:39 < krzee> if both are server processes
20:39 < krzee> each will push the other's client subnet to its clients
20:40 < krzee> and server will have ip forwarding on
20:40 < krzee> *the end*
20:40 < qiyong> ip forwarding on you mean the ip_forwarding ?
20:41 < qiyong> i have net.ipv4.ip_forward = 1
20:41 < qiyong> krzee: ^
20:45 < Schnabeltier> i hate openvpn
20:45 < Schnabeltier> mighty tool, but damn fucking hard to get running properly
20:47 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn
20:47 -!- mode/#openvpn [+v Axeman2] by ChanServ
20:48 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds]
20:49 < newl> ?
20:49 < newl> too easy to get running actually
20:50 < rob0> What I have seen is that people who don't understand enough about networking have wrong expectations. I think that those who do understand the basics find it pretty easy.
20:50 <+EugeneKay> Everything is easy once you know how to do it
20:50 < rob0> Fortunately, openvpn is a nice tool to teach yourself about networking.
20:51 < Schnabeltier> until now i was satisfied with ssh tunnel but now i need openvpn, i'm a rookie in networking i would suppose, but openvpn is hard
20:53 -!- Axeman3 [~Axeman3@knox.pace.edu] has joined #openvpn
20:54 * rob0 scrolled up a few pages and saw no question
20:54 < rob0> I suggest you read the /topic first.
20:55 < thumbs> everything is simple for rob0 20:57 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Read error: Operation timed out] 21:04 < dioz> everything is simple for those that read 21:04 < dioz> and are capable of comprehending what it is they're reading 21:04 < dioz> if you can't do those simple actions 21:04 < dioz> i'd suggest not working with computers 21:04 < dioz> i hear janitors don't need to read 21:05 <+EugeneKay> !enter 21:05 <+EugeneKay> Hrm, thought this bot had that. 21:05 <+EugeneKay> "The enter key is not a punctuation mark." 21:06 < thumbs> !help 21:06 <@vpnHelper> (help [] []) -- This command gives a useful description of what does. is only necessary if the command is in more than one plugin. 21:06 < dioz> http://www.geeksaresexy.net/2011/05/14/cat-5-cable-flogger-pic/ 21:06 <@vpnHelper> Title: Cat-5 Cable Flogger [Pic] (at www.geeksaresexy.net) 21:06 -!- qiyong [~qiyong@60.23.248.82] has quit [Quit: leaving] 21:07 < newl> dioz kinda arrogant are we? 21:07 < dioz> i've been told that yeah 21:07 < newl> usually you have to have something to back it up 21:08 < dioz> back up my ability to read and comprehend the text i am reading? 21:12 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 21:18 < Schnabeltier> when the server runs a static key, only one client can connect, am i right? 21:20 < rob0> Static key is very easy, and there IS no server and no client. They are peers. Yes, two peers. 21:21 < rob0> There is a short and simple static-key-mini-howto on the community documentation site. 21:28 < rob0> heh, unfortunately it too uses the "client" and "server" terms, but to be fair, it was written long before an actual openvpn server implementation existed. 21:29 < rob0> So while it was wrong, it was less wrong than it is now. 21:29 < Olipro> even if you were just using a static key, I don't think that wouldn't have any bearing on your choice of operation with respect to routing 21:30 < rob0> Of course. 
Routing is routing. The howto merely gets a point-to-point tunnel working. After that, you have to know what you are doing. 21:31 -!- mick_laptop [~mick@clamwin/admin/mickhome] has quit [Ping timeout: 255 seconds] 21:32 < krzee> !learn enter as The enter key is not a punctuation mark. 21:32 <@vpnHelper> Joo got it. 21:32 < krzee> ;] 21:33 < newl> i think \n is a punctuation mark? 21:34 < krzee> nope, escape sequence 21:38 -!- mick_laptop [~mick@mickweiss.com] has joined #openvpn 21:43 < Schnabeltier> !tun 21:43 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 21:44 < Schnabeltier> !lintun 21:44 < Schnabeltier> mhm... 21:44 < Schnabeltier> !welcome 21:44 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 21:44 < Schnabeltier> !redirect 21:44 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server. or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns 21:47 < Schnabeltier> !def1 21:47 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway. 
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
21:48 < Schnabeltier> !ipforward
21:48 <@vpnHelper> "ipforward" is please choose between !linipforward !winipforward !osxipforward and !fbsdipforward
21:48 < Schnabeltier> !linipfoward
21:49 < Schnabeltier> !linipforward
21:49 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware
21:52 -!- kzoo [~russellm@rustlesolutions.ca] has joined #openvpn
21:53 < kzoo> How do I have my clients push routes on to my openvpn server when they connect so that I have a route back to my clients network? Does adding a "route" statement in the client config do this?
21:56 <+EugeneKay> !route
21:56 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
21:57 <+EugeneKay> Clients don't push to the server; the server knows what client<--> what lan because of the iroute in the ccd
21:58 < kzoo> ok perfect that's exactly what i needed
21:59 -!- Axeman3 [~Axeman3@knox.pace.edu] has quit [Read error: Connection reset by peer]
22:03 -!- newl [~newl@97.75.165.156] has quit [Quit: leaving]
22:07 -!- Axeman3 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
22:22 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
22:25 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
22:36 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
22:37 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
22:39 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Client Quit]
22:42 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
22:43 -!- Axeman3 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Ping timeout: 248 seconds]
22:51 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
22:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
23:13 <@vpnHelper> RSS Update - forum: Finding Cookware Sets Reviews
23:37 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
23:45 -!- bcalab [~bcalab@117.239.59.179] has joined #openvpn
23:46 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has joined #openvpn
23:48 < bcalab> The firewall in my openvpn client's network, drops connection if persistent traffic is sent or downloaded via all ports except http and https ports.
23:49 < bcalab> I tried running server on https port, still openvpn establishes connection, but upsurge in traffic via the tunnel makes the firewall drop the connection
23:51 -!- bcalab is now known as ribbler
--- Day changed Thu Jan 12 2012
00:00 -!- zeshoem [~zee@108.162.156.19] has joined #openvpn
00:07 <@vpnHelper> RSS Update - forum: Newbee Help Please
00:07 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Remote host closed the connection]
00:24 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn
00:25 -!- jameslordhz [~jack@60.12.143.9] has joined #openvpn
00:25 < jameslordhz> hi all
00:36 -!- Peter1234 [~jircii@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn
00:38 < Peter1234> hi everyone i need to know the difference of the downloads in the openvpn repository i know the as version is access server ,but the other downloads from there is that client end of openvpn for like linux distro or are those community edition openvpn server ? Thanks
00:41 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
00:43 < rob0> there is no distinction in the software between server and client. The distinction comes in the configuration options with which the command was invoked.
00:43 < rob0> !as
00:43 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server
00:51 < Peter1234> ok ,but i was asking on the downloads if it says openvpn version number etc is that mean community edition of openvpn server and if it says openvpn as version number i assume that is openvpn access server edition ?
00:53 < Peter1234> the downloads that are available on openvpn repositories for updated stable releases
00:57 -!- novaflash_away is now known as novaflash
00:57 -!- jameslordhz [~jack@60.12.143.9] has quit [Ping timeout: 240 seconds]
00:58 < rob0> I don't know what you are looking at, I just get mine included with my Linux distro. Never have looked at AS, either.
00:58 < Peter1234> ok yah i see the one included in the distro its a later version than what they are putting as stable on their website.
00:59 < Peter1234> and it doesn't say AS either as well.
00:59 < rob0> no, a distro will not include AS.
00:59 < Peter1234> Access server has gui interface the distro one is that all configured by command line ?
01:00 < rob0> "Community" version is well documented, see /topic.
01:01 * rob0 is off to bed, good luck.
01:01 < Peter1234> ok thanks
01:02 -!- tessier [~treed@kernel-panic/copilotco] has joined #openvpn
01:03 < tessier> Hello all! Is there a correct way to bring up openvpn in a CentOS client? I currently have it in my /etc/rc.local but that isn't very good. It should come up with the rest of the network interfaces.
01:11 -!- jameslordhz [~jack@60.12.143.134] has joined #openvpn
01:14 <+EugeneKay> tessier - the openvpn package includes the openvpn init scripts.
01:14 <@vpnHelper> RSS Update - forum: I Can't Send PM
01:15 <+EugeneKay> You'll find it at /etc/rc.d/init.d/openvpn, along with all the other service scripts.
01:16 <+EugeneKay> To use it, drop your openvpn.conf into /etc/openvpn/, then start the service. chkconfig it on to start at boot, just like any other.
01:18 < tessier> Ah, ok. Thanks!
01:21 <@vpnHelper> RSS Update - forum: OpenVPN and Android/Windows Client -- No IP Address
01:42 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
01:44 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has joined #openvpn
01:44 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has quit [Changing host]
01:44 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn
01:51 -!- dazo_afk is now known as dazo
02:04 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
02:10 -!- beerbro [~gustav@mineralwasser.jesus.si] has quit [Quit: ZNC - http://znc.sourceforge.net]
02:11 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds]
02:12 -!- beerbro [~gustav@mineralwasser.jesus.si] has joined #openvpn
02:12 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
02:13 -!- mode/#openvpn [+o mattock] by ChanServ
02:15 <@vpnHelper> RSS Update - forum: freeradius + openvpn + mysql Authentication
02:16 < jameslordhz> hi all
02:17 < jameslordhz> i get source code of openvpn from git, find no Makefile in it, so how to compile it?
02:18 <+EugeneKay> jameslordhz - read the README.
02:19 < jameslordhz> even no configure file in it, it get source from git, not that tarball, dude
02:19 -!- mattock [~samuli@openvpn/corp/admin/mattock] has quit [Remote host closed the connection]
02:21 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn
02:21 -!- mode/#openvpn [+o mattock] by ChanServ
02:22 <+EugeneKay> I don't have a copy of the git repo about, but I'm sure the info you need is there. If you're unable to figure it out, I suggest #openvpn-devel or the mailing list.
02:24 <+EugeneKay> In fact, I just cloned openvpn.git and found the missing step in under 60 seconds. Read the README(and INSTALL) closer, you'll find it.
02:25 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 02:25 <+EugeneKay> If you can't, then I'm sorry to say that you should not be compiling your own software. Have you considered a packaged version? 02:25 < reiffert> mattock: jameslordhz is missing configure and Makefile in the git sourcecode. 02:25 < reiffert> dazo: see above 02:26 <+EugeneKay> reiffert - it's there, I assure you. 02:26 < reiffert> jameslordhz: just a second please. 02:26 <@dazo> jameslordhz: run: autoreconf -vi 02:26 <@dazo> ./configure is only created in tar balls before it's packaged for a release 02:26 <@dazo> (that's how autotools is designed to work) 02:27 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:28 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn 02:29 < jameslordhz> dazo i got it:) 02:29 <@dazo> goodie! 02:29 < jameslordhz> just now i use other command to generate configure, but failed 02:30 < jameslordhz> dazo are you familiar with code of openvpn? 02:30 <@dazo> jameslordhz: no, not so much ... I'm just the maintainer of the community git repository :-P 02:31 < jameslordhz> dazo the git repo for openvpn? 02:32 <@dazo> yeah :) 02:33 <@dazo> jameslordhz: what's failing? 
you need to have autotools packages installed (automake, autoconf, etc) 02:33 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 02:44 -!- beerbro [~gustav@mineralwasser.jesus.si] has quit [Changing host] 02:44 -!- beerbro [~gustav@unaffiliated/beerbroy] has joined #openvpn 03:00 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Read error: Connection reset by peer] 03:04 -!- SOG [~SOG@wsip-70-164-132-45.lv.lv.cox.net] has quit [Ping timeout: 244 seconds] 03:09 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 03:14 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 03:27 <@vpnHelper> RSS Update - forum: tls-server and explicit-exit-notify 03:28 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:34 <@vpnHelper> RSS Update - forum: openvpn on Centos 5.5 03:45 <@vpnHelper> RSS Update - forum: openvpn on Centos 5.5 03:52 <@vpnHelper> RSS Update - forum: [HELP] TAP-win32 adapter V9 Access Denied 03:52 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 04:12 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 04:14 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:16 -!- raa [~nag@42.79-160-154.customer.lyse.net] has joined #openvpn 04:20 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 04:20 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 04:20 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:22 -!- master_of_master [~master_of@p57B52E1B.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 04:24 -!- master_of_master [~master_of@p57B55D78.dip.t-dialin.net] has joined #openvpn 04:30 -!- shogsbro_ [~shogsbro@94-193-45-205.zone7.bethere.co.uk] has joined #openvpn 04:34 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has joined #openvpn 04:43 -!- shogsbro_ 
[~shogsbro@94-193-45-205.zone7.bethere.co.uk] has left #openvpn [] 04:47 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 04:48 -!- shogsbro [~shogsbro@94-193-45-205.zone7.bethere.co.uk] has joined #openvpn 04:48 -!- frojnd [~frojnd@86.58.21.55] has quit [Ping timeout: 252 seconds] 04:49 -!- shogsbro [~shogsbro@94-193-45-205.zone7.bethere.co.uk] has left #openvpn ["Leaving..."] 05:06 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 260 seconds] 05:07 -!- frojnd [~frojnd@86.58.21.55] has joined #openvpn 05:14 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 05:21 <@vpnHelper> RSS Update - forum: Help me please! The speed limit openvpn. 05:33 <@vpnHelper> RSS Update - forum: Help me please! The speed limit openvpn. 05:35 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 05:39 -!- corretico [~luis@190.211.93.11] has joined #openvpn 05:43 -!- SOG [~SOG@wsip-70-164-133-20.lv.lv.cox.net] has joined #openvpn 05:46 <@vpnHelper> RSS Update - forum: How to conect trough ftp to clients 05:58 -!- SOG [~SOG@wsip-70-164-133-20.lv.lv.cox.net] has quit [Quit: I will be back!] 06:12 -!- Axeman3 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 06:13 -!- Axeman2 [~Axeman3@knox.pace.edu] has joined #openvpn 06:13 -!- Axeman2 [~Axeman3@knox.pace.edu] has quit [Changing host] 06:13 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 06:13 -!- mode/#openvpn [+v Axeman2] by ChanServ 06:14 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 06:16 -!- Axeman3 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Ping timeout: 248 seconds] 06:24 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 06:34 <@vpnHelper> RSS Update - forum: Help me please! The speed limit openvpn. 
06:34 -!- fluter [~fluter@fedora/fluter] has joined #openvpn 06:40 <@vpnHelper> RSS Update - forum: ip pool range help 06:53 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Ping timeout: 244 seconds] 06:53 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Ping timeout: 244 seconds] 07:02 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 07:02 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 07:04 <@vpnHelper> RSS Update - forum: Help me please! The speed limit openvpn. 07:04 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 07:17 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit [] 07:33 -!- Diffen [~diffen@78-69-119-137-no42.tbcn.telia.com] has joined #openvpn 07:47 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 08:09 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn 08:22 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 08:32 -!- fluter [~fluter@fedora/fluter] has quit [Remote host closed the connection] 08:34 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 08:34 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer] 08:34 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 08:36 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 240 seconds] 08:37 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 08:40 <@vpnHelper> RSS Update - forum: Routes problem, ping not into LAN 08:47 < reiffert> can I rename the client certificate name after I've created the certificate? 
08:49 < reiffert> not just move foo.crt bar.crt, but rename the common name 08:49 < Olipro> that would require you to generate a new certificate 08:49 < Olipro> there's nothing stopping you from using the same private key you used previously, though 08:50 < reiffert> generating a new certificate mean revoke the old one, create a new one. doesnt quite fit the letters "rename the CN" ... 08:50 < Olipro> revoking the previous one is up to you 08:50 < Olipro> nonetheless, it's not possible to simply change the CN; the signature generated from the CA key is a hash of EVERYTHING in the certificate 08:51 < Olipro> change 1 bit and you get a new hash, and therefore, require a new signatuer 08:51 < Olipro> *signature 08:51 <@dazo> reiffert: you can't change the CN of a CSR or CRt ... the file with the certificate can be named whatever you want, not related to the contents at all 08:51 <@dazo> (in fact, you can't change any information in a CSR or CRT) 08:51 < reiffert> ok, thanks guys, let me check my options. 09:17 -!- eQuiNoX__ [~eQuiNoX__@101.63.241.113] has joined #openvpn 09:18 < eQuiNoX__> hey everyone, i just used openvpn to connect to a vpn network and im able to browse through the webpages in the vpn network. however, when i try to ssh into a server present in that network, im unable to. 09:18 < eQuiNoX__> any suggestions on what i should be doing? 09:18 < eQuiNoX__> thanks in advance. 
09:19 < krzee> !route 09:19 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 09:19 < krzee> probably this: 09:19 < krzee> !route_outside_ovpn 09:19 <@vpnHelper> "route_outside_ovpn" is "route_outside_openvpn" is (#1) http://www.secure-computing.net/wiki/index.php/Graph for a cool graph explaining the route you need to add to your gateway, explained better in section: ROUTES TO ADD OUTSIDE OPENVPN in !route, or (#2) you do not need this if the vpn node IS the gateway for its lan 09:19 < eQuiNoX__> let me check it out 09:19 < eQuiNoX__> thank you 09:21 < krzee> np 09:22 -!- eQuiNoX__ [~eQuiNoX__@101.63.241.113] has quit [Client Quit] 09:24 -!- mbutubuntu [~mbutubunt@host125-101-dynamic.35-79-r.retail.telecomitalia.it] has joined #openvpn 09:25 < mbutubuntu> hello folks, I've found on this link (http://openvpn.net/archive/openvpn-users/2004-11/msg00649.html) that openVPN overhead is 69 bytes per packet. 09:25 <@vpnHelper> Title: Re: [Openvpn-users] Overhead added to each packet by OpenVPN? (at openvpn.net) 09:26 < mbutubuntu> do this bytes be added before passing through tun/tap device or after? 09:27 < mbutubuntu> I'm doing this question because I'm tuning up TUN/TAP MTU 09:30 -!- mbutubuntu [~mbutubunt@host125-101-dynamic.35-79-r.retail.telecomitalia.it] has quit [Quit: Sto andando via] 09:31 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 09:54 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 
10:01 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn 10:02 <@vpnHelper> RSS Update - forum: Misunderstanding of next-hop 10:05 < Peter1234> I am trying to figure out how i get the the vpn server to issue my own ip subnet range from a dhcp server instead of using the subnet that comes standard with openvpn is this done in the server config file ? 10:06 < krzee> actually 10:06 < krzee> if in bridge mode you just dont use anything to set the address 10:06 < krzee> and dhcp will take over 10:07 < krzee> so like no --server-bridge 10:07 < krzee> i would assume that the same works without bridge if the dhcp server is running on the vpn server 10:09 < Peter1234> ok so i need to setup bridge mode for that to work. yah dhcp is not on the vpn server. 10:10 < Peter1234> so i would bridge my internal interface with vpn server so it can receive the ip range from dhcp. 10:11 < Peter1234> Am i heading in the right direction with that statement ? 10:11 < krzee> well 10:11 < krzee> all depends why you even want this 10:11 < krzee> usually its 100% not needed, and comes from a lack of understanding of routing 10:12 < krzee> so, why do you want that? 10:13 < Peter1234> well this is how i setup all my cisco stuff and i am kind of new to linux and openvpn and want to stay in same standards as i have in the past 10:14 < krzee> !tunortap 10:14 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over 10:14 <@vpnHelper> the vpn or (#4) lan gaming? use tap! 
10:14 < krzee> may as well do things correctly instead :-p 10:15 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 10:16 < Peter1234> i prefer tun but the statement krzee made. Made me think the only way i can accomplish what i want to do by bridging. 10:19 < Peter1234> I don't know where openvpn lets me configure this option so i can issue my ip range pool in a tun setting. 10:20 < Peter1234> besides only having to use openvpn 10.8.0.0 subnet range. 10:23 -!- Diffen [~diffen@78-69-119-137-no42.tbcn.telia.com] has quit [Quit: This computer has gone to sleep] 10:23 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 10:37 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7 10:40 < Peter1234> so does anyone know if what i said is even possible on openvpn i have hundreds of acl in my network and not being able to do this with openvpn would make a disaster. 10:43 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 10:44 <@dazo> Peter1234: I don't have a complete picture of your requirements .... what are you solving? The overall picture, not the details (like tap+bridging - that's a solution, not the task to solve) 10:49 < Peter1234> complete picture would be to have openvpn establish a tunnel, but use the dhcp ip range i set and dish those out to the connecting clients 10:50 < Peter1234> not using the standard ip range that comes with openvpn. I hope that makes sense ? 10:50 -!- mocas_ [~mocas@87-196-120-236.net.novis.pt] has joined #openvpn 10:54 -!- mocas__ [~mocas@87.196.251.242] has quit [Ping timeout: 268 seconds] 10:54 <@dazo> Peter1234: why do you need the DHCP server to provide the IPs? What problem does that solve? 10:54 <@dazo> (often the solution isn't to do exactly what other solutions do - but to solve the core problem) 10:56 < Peter1234> it solves me from having to rewrite a lot of acl in the internal network to suit with openvpns standard ip range. 
10:56 <@dazo> Peter1234: what kind of ACLs is that? 10:56 <@dazo> and where are those ACLs propagated? 10:56 < Peter1234> on cisco switches 10:57 <@dazo> so it's firewall rules? 10:57 <@dazo> or is it more advanced traffic shaping as well? 10:57 < Peter1234> you can say that more ip rules inter vlan rules 10:57 < Peter1234> yah your second statement 10:58 < hyper_ch> hi dazo 10:58 <@dazo> hyper_ch: hey! 10:58 < hyper_ch> dazo: what's up? 10:58 < Peter1234> so if openvpn can do this iwon't have to configure much and pull a cisco unit we have already doing this. 10:59 <@dazo> Peter1234: can you be more specific what these rules do? .... I might have a different approach for you, but if I see it doesn't match - I'll skip adding other approaches 10:59 <@dazo> hyper_ch: pretty good ... u? 10:59 < hyper_ch> dazo: got a little cold... well, it's winter... 11:00 < hyper_ch> besides that, life is good.. in two weeks I should get my new desk 11:00 <@dazo> :) 11:01 -!- hyper__ch [~hyper_ch@adsl-62-167-103-68.adslplus.ch] has joined #openvpn 11:01 -!- hyper_ch [~hyper_ch@ks357331.kimsufi.com] has quit [Disconnected by services] 11:01 -!- hyper__ch is now known as hyper_ch 11:01 -!- hyper__ch [~hyper_ch@ks357331.kimsufi.com] has joined #openvpn 11:01 -!- hyper_ch [~hyper_ch@adsl-62-167-103-68.adslplus.ch] has quit [Disconnected by services] 11:01 -!- hyper__ch is now known as hyper_ch 11:01 < Peter1234> well there are probably alot of things going on in this network i can't probably explain all ,but the 2 switches i can see now have acl that limiting ip subnet ranges to certain departments. 11:01 < hyper_ch> dazo: it'll be a piece of work 11:03 <@dazo> Peter1234: good! I think you should have a quick look at eurephia then ... 
of course, it won't parse your cisco rules, but configuration and network overhead wise, it might be a better solution 11:03 <@dazo> !eurephia 11:03 <@vpnHelper> "eurephia" is http://www.eurephia.net/ 11:03 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 244 seconds] 11:03 < Peter1234> ok thanks dazo going to read up on it. 11:03 <@dazo> Peter1234: that's a project I'm driving ... it haven't got too much focus lately, but I use the latest development version in production on a smaller site, and it works perfect there 11:04 <@dazo> eurephia is an add-on to openvpn 11:04 * hyper_ch heard that eurphia eats small babies 11:04 <@dazo> hyper_ch: only if they're nasty 11:04 < hyper_ch> I remember I stumbled upon eurephia a while back.. what does it do again? 11:05 < Peter1234> ok cool will look into it. So as far as you know openvpn doesn't support what i am trying do without an add on . 11:05 <@dazo> Peter1234: not out-of-the-box ... which is why I decided to write eurephia .... there is a packet filtering feature in OpenVPN, but that also needs a plug-in to set up the rules 11:06 <@dazo> hyper_ch: it's a more advanced authentication and access control plug-in ... so depending on the combination of username/password and certificate, the firewall is updated to let the traffic through for that user 11:07 < hyper_ch> dazo: right, I remember now 11:07 < Peter1234> dazo : ok thanks you would think this would be easy and more versatile that openvpn team would have already added this feature to dictate your own ip range. 11:08 <@dazo> Peter1234: I don't quite understand 11:09 <@dazo> OpenVPN is more like a virtual network cable ... VPN itself doesn't control the contents of that cable (like in the real world with network cables), it's firewalls which controls the traffic .... which is where OpenVPN + eurephia gives that control 11:10 < hyper_ch> dazo: openvpn is not wireless? 
:( 11:10 < Peter1234> dazo : it says eurephia is an authentication plug in i don't have authentication issues i have an ip issue i don't care who authenticates i care what ip address there holding when they connect 11:10 <@dazo> Peter1234: if you don't care who connects to the VPN ... how do you know which ACL rules to apply to that connection? 11:11 < Peter1234> cause the network is setup to pool those people into certain ip ranges for there access to different services 11:11 <+EugeneKay> they're* 11:11 <@dazo> IP addresses are a very weak defence mechanism, as that can be forged ... and with proper admin rights on the client, the client may change his VPN address easily 11:12 <@dazo> and especially with OpenVPN ... it's enough to have network admin rights, and you set the IP to whatever you want 11:13 < Peter1234> you might be right in some cases but if there locked down to a specific subnet dished out by dhcp they are not going to get very far changing there ip addresses anyways. 11:14 <+EugeneKay> You might think you're right, but that is such a bad piece of networking advice I don't know where to start telling you you're wrong. 11:14 <@dazo> Peter1234: that requires the firewalls to know which VPN clients are connected with which IP addresses ... so that if the client changes the VPN address, the firewall will block it 11:15 <@dazo> and then you really do need TAP mode, to get the MAC address ... and do firewall matching on IP address + MAC address, to be sure the IP is not changed 11:26 < Peter1234> dazo : i think we all know different ways to accomplish certain things and i am not disagreeing at all with what everyone is saying. A vlan switch can drop any packet that doesn't come from its subnet before it even hits the outside wire so if you change your ip address its going to get dropped and its set up to take anything thats in that subnet to pass through to its necessary areas. We can all go about things certain ways. 
I was just 11:26 < Peter1234> hoping that openvpn could do what i was asking which i thought it could since i am already doing it in cisco gear. So i spent 2 days setting up this box to get rid of the cisco equipment and didn't plan ahead to check if openvpn could do this. 11:28 <@dazo> Peter1234: how and where will this VLAN tagging happen? 11:29 < Peter1234> I also don't want to get into a debate on what setup is right or wrong i just prefer to try to solve my problem at hand. 11:29 <@dazo> Peter1234: our comments here are mainly concerns that you might go for a solution which don't provide what you believe it will 11:30 * dazo need to head out now 11:30 < Peter1234> dazo : understandable thanks for you time. 11:31 -!- dazo is now known as dazo_afk 11:31 <+EugeneKay> I'm not sure what the problem at hand is. Trying to authenticate based on client IP address, rather than a PKI certificate? 11:32 < krzee> nah 11:32 < krzee> just that his switches are configured to only pass traffic from same subnet 11:32 < Peter1234> eugenekay : its not authenticateing its after authenticating i want openvpn to give out or pass to necessary dhcp server my ip range. Not the standard ip range openvpn comes with 11:32 < krzee> so he wants to bridge to get the same subnet ip from dhcp server 11:33 < krzee> which is totally doable 11:33 <+EugeneKay> OpenVPN doesn't "come with" an IP range, you specify one. 11:33 < krzee> EugeneKay, actually for that, you dont specify one ;] 11:33 <+EugeneKay> If you're bridging, sure. But bridging causes cancer, AIDS, and rapes your cat. 11:33 < krzee> this is true 11:33 < krzee> poor kitty 11:33 <+EugeneKay> The sane thing to do is to expand your switch's allowed subnet. 11:34 < krzee> yes, very much so 11:34 <+EugeneKay> If you can't figure out how to do that, I don't think I can be of any help. 
11:34 < krzee> but try convincing people to be sane 11:34 <+EugeneKay> Another option is to use MASQUERADE, but then you lose all accountability beyond that it came from "the vpn server" 11:34 < krzee> true, nat-hack would work there 11:34 < krzee> although that also rapes your cat 11:34 < Peter1234> yah it sounds sane but configuring all the switches and unseen networks in this network to allowed subnet could be just a mess as well i wish it was just one switch and that wouldn't be a problem 11:36 <+EugeneKay> There's your three real options. Pick one. My advice is to bite the bullet and give your switches a decent configuration. 11:36 < krzee> other 2 is bridge, and nat-hack 11:36 < krzee> i also would go with EugeneKay's pick 11:36 < krzee> and ild take that as a chance to clean up the configs so next time would be easier 11:37 <+EugeneKay> To avoid this problem down the line, allow a nice, fat block of subnets instead of a single /24 11:37 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Ping timeout: 252 seconds] 11:37 <+EugeneKay> Pick a /16 out of the 10/8 block. 11:37 * ecrist prefers the 172 1918 range 11:37 < ecrist> !1918 11:37 <@vpnHelper> "1918" is (#1) RFC1918 makes three unique netblocks available for private use: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 or (#2) see also: http://en.wikipedia.org/wiki/Private_network or http://www.faqs.org/rfcs/rfc1918.html or (#3) Too lazy to find your own subnet? Try this one: http://scarydevilmonastery.net/subnet.cgi 11:37 < krzee> wait wait, you want people to properly subnet as well!?!? 11:37 < Peter1234> yah i am going to have to consider this guys thanks for your input. 11:37 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 11:37 -!- mode/#openvpn [+o raidz] by ChanServ 11:38 < krzee> np 11:39 <+EugeneKay> I pick a /16 out of 10/8 for each of my "sites", and then divide that up into VLANS of /20 or /24. Each machine ends up with a /28 or /32, as appropriate. 
11:52 < prg3> EugeneKay. That's what I did with mine.. it's really handy for routing and knowing which machine is in which office. 11:53 <+EugeneKay> And you can even connect to other 10/8 users' networks, so long as there's no /16 conflicts. 11:55 -!- ErichG [~erich_loc@c-98-217-114-230.hsd1.ma.comcast.net] has quit [Quit: ErichG] 12:09 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 12:15 < rob0> I've done the same thing subnetting 192.168/16 into /22's or /21's. 12:31 < kzoo> in an openvpn iroute/route statement, can i specify a different source address? im using a 'tun' interface and all traffic across the tunnel is sourced as my point-to-point /30 12:32 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 12:35 < krzee> kzoo, huh? 12:36 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 12:37 < prg3> EugeneKay: Yes.. just make sure you never use 10/8 as a machine's netmask, and only use the /24s or however you carve up the /16s for each site.. 12:37 <+EugeneKay> Well, duh. 12:37 < prg3> :) 12:38 < prg3> I just brought up a site, and had some of my assistants learn that one the hard way 12:38 <+EugeneKay> Spank them. 12:38 < prg3> They learned 12:39 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 12:41 < ecrist> we use a /16 for our net, and use a bridged openvpn config. 12:44 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 12:49 < hyper_ch> dazo_afk: krzee: http://www.youtube.com/watch?v=LNrLfylgHE0 12:49 <@vpnHelper> Title: How to Buy a Car, Using Game Theory - YouTube (at www.youtube.com) 12:51 < Peter1234> Eugenekay : earlier you mentioned you use a /16 10.8 for your sites right ? 12:51 <+EugeneKay> Yus 12:51 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 255 seconds] 12:51 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 12:53 < Peter1234> the network i am using is 10.15 /16 . 
which is you planned to use openvpn and new you only had access to 10.8 /16 subnet with openvpn as tun which is what i was talking about earlier of being locked into a certain subnet by openvpn. 12:53 < Peter1234> new = knew 12:53 < Essobi> sup 12:53 < ecrist> Peter1234: openvpn isn't locked in to 10.8/16 12:54 < ecrist> not sure why you'd think that. 12:54 < Peter1234> ecrist : you have a way i can configure my client connections in tun mode with my own range from my own dhcp server ? 12:54 < rob0> Using the default is generally NOT a good idea, because it is going to clash with all the other fools who used the default too. :) 12:55 < hyper_ch> ecrist: http://www.youtube.com/watch?v=LNrLfylgHE0 12:55 <@vpnHelper> Title: How to Buy a Car, Using Game Theory - YouTube (at www.youtube.com) 12:56 < ecrist> Peter1234: I'm not going to build your vpn for you, but if you search for '--server-bridge ' on the man page, you'll answer your own question 12:57 < Peter1234> ecrist : i am not asking you to build my vpn ,but i thought server -bridge is a tap setting. 12:57 < ecrist> it is 12:57 < ecrist> tun (routed) is a layer 3 tunnel, tap (bridged) is layer 2 (where DHCP is) 12:58 < ecrist> you cannot pass ethernet frames across a tunnel that depends on IP information. 13:00 < ecrist> and, if you want to use DHCP from your remote LAN, tap is the right thing to do. 13:01 < Peter1234> ecrist : you happen to know the overhead on that configuration is it noticable different ? 13:03 < ecrist> I use a bridged VPN, and we have openvpn hand address out from a /24 13:19 -!- DataZombie [~DataZombi@unaffiliated/skynet2000] has joined #openvpn 13:20 -!- DataZombie [~DataZombi@unaffiliated/skynet2000] has quit [Client Quit] 13:33 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Remote host closed the connection] 13:40 < Essobi> Hmm.. Any reason I can't use push '"redirect-gateway def1"' in a CCD? 
13:40 < Essobi> When I move that directive to the ccd from the primary server config.. I can connect still, but I can't route anywhere.. 13:44 < JoeyJoeJo> I've got an OpenVPN client on my iphone. Even though my server is set to route all traffic over the VPN tunnel, web traffic on my iphone doesn't go over the tunnel. However traffic bound for my network does. How can I fix this? 13:50 <+EugeneKay> Sounds like the route isn't actually "taking", or not being used on the client. I don't have a clue where to start debugging on iOS, other than to ask for logs. 13:51 -!- eyefor [~shiva@109.228.80.113] has joined #openvpn 13:51 < JoeyJoeJo> Yeah, I guess I'll look around on the device for the logs, but I suspect it's like you said 13:51 <+EugeneKay> "EugeneKay is right because EugeneKay is always right." 13:52 < eyefor> Hello, I'm using OpenVPN as VPN server on my linux box and I was wondering if there is some way to monitor traffic of each user? This would be extremely helpful! 13:52 < krzee> eyefor, in your firewall 13:53 < krzee> look for how to do it with normal lan users, its the same thing, except they are connecting over a vpn instead of a physical cable 13:53 < eyefor> krzee, I'm using iptables, would that work for each user separately? 13:53 < krzee> yes, but i cant tell you how 13:53 < eyefor> ok I'll figure it out 13:53 < krzee> not cause its top secret, but because i have never done it ;] 13:53 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 13:53 < eyefor> thanks for pointing me to right direction 13:53 <+EugeneKay> You'll want to give static IPs via CCD and something involving packet counting. 
13:53 < krzee> np 13:53 < krzee> yes, what EugeneKay said 13:53 -!- Bitvilag [~Bitvilag@dsl4E5C7261.pool.t-online.hu] has joined #openvpn 13:53 < krzee> and you probably wanna use the default topology, with tun 13:54 < krzee> that way users cant ifconfig to a different IP 13:54 < eyefor> yeah I'm using tun 13:54 < krzee> !static 13:54 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder 13:54 < krzee> and dont use topology subnet =] 13:55 < eyefor> so I'm assigning static IP when I create client conf file, right? 13:56 <+EugeneKay> Yes. Each client will need a ccd/ file with their IP 13:57 < eyefor> damn, that would be tricky since I would have to deploy new config files to dozens of clients 13:57 <+EugeneKay> No. 13:57 <+EugeneKay> !ccd 13:57 <@vpnHelper> "ccd" is entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir to enable it, then put the config options for the client in /common-name 13:58 <+EugeneKay> Not client.conf, my mistake. Server-side, in the ccd/ dir, one file per client. 13:58 < eyefor> oh great! 13:59 -!- grendal_prime [~grendal_p@2001:470:822a:200:1e75:8ff:fe48:dfef] has joined #openvpn 13:59 < eyefor> I'm going to investigate this now, thanks! 13:59 < krzee> np i4 13:59 < krzee> grendal_prime is here, hide the all-spark! 13:59 < grendal_prime> whats the channel for access server support? 
14:00 * krzee points @ topic 14:00 < krzee> !as 14:00 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 14:00 < grendal_prime> sorry man for some reason this client chops the topic off and i cant seem to find a place to display it all 14:00 < krzee> by typing /topic 14:00 < grendal_prime> aahh thanks hehehe 14:00 < krzee> np ;] 14:01 < grendal_prime> so how you been man? 14:01 < grendal_prime> still in the sunshine state? 14:05 < krzee> must have me confused with someone else, but im doing well =] 14:05 < krzee> i dont live in usa ;] 14:06 -!- eyefor [~shiva@109.228.80.113] has quit [Quit: Leaving] 14:06 < krzee> how have you been? 14:06 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn 14:14 -!- Bitvilag [~Bitvilag@dsl4E5C7261.pool.t-online.hu] has quit [] 14:24 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 14:24 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 14:24 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 14:24 -!- mode/#openvpn [+v Axeman] by ChanServ 14:26 -!- kzoo [~russellm@rustlesolutions.ca] has left #openvpn [] 14:27 -!- Some_Person [~Some_Pers@unaffiliated/someperson/x-249303] has left #openvpn ["Leaving"] 14:35 -!- stevieman [~Rob@72.38.184.18] has joined #openvpn 14:38 < stevieman> I have an openvpn setup that has been working great for about a year now. We recently changed ISPs and now one of the client computers cannot connect. Open GUI issues this error: TCP/UDP: Incoming packet rejected from 192.168.2.12:1194(2), expected per address {external IP} (Allow this incoming source address/port by removing --remote or adding --float) 14:39 < stevieman> I followed the same procedure for updating this machine as I did others. Open the .ovpn config file and update the IP address to the new one. 
14:42 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 14:54 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 14:59 -!- Flare183 [~jesse@botters/flare183] has joined #openvpn 14:59 -!- kitharris [~meow@71.188.116.185] has joined #openvpn 15:00 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 15:03 -!- kitharris [~meow@71.188.116.185] has quit [Client Quit] 15:04 -!- kitharris [~meow@71.188.116.185] has joined #openvpn 15:09 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 15:13 < Essobi> Is there any limit for the contents of a CCD file? 15:14 -!- converge_ [~converge@187.55.221.96] has joined #openvpn 15:14 < hyper_ch> what do you mean with limit? 15:14 < hyper_ch> the CCD will just overwrite stuff in the server config 15:14 < hyper_ch> if there are conflicting things 15:14 < hyper_ch> IIRC 15:15 < kitharris> My problem: http://pastebin.com/ieGMV0ZN Please help. :) 15:16 < Essobi> hyper_ch: I moved a directive from the main server config, to a CCD, and it seems to dead route all my traffic to nowhere, when I do. 15:17 < hyper_ch> what directive? 15:17 < Essobi> push "redirect-gateway def1" 15:18 < Essobi> It works as expected when in the main config. 15:18 < Essobi> All my traffic routes over the VPN. 15:18 < hyper_ch> should also work in the CCD 15:18 < Essobi> I would think so too.. 15:18 < hyper_ch> s/should/does/ 15:18 < hyper_ch> as I use it for one machine only in a ccd 15:19 < Essobi> yea, this is per user CCDs. 15:19 < hyper_ch> ifconfig-push 10.8.0.8 255.255.255.0 15:19 < hyper_ch> push "redirect-gateway def1" 15:19 < hyper_ch> works fine 15:19 -!- joao [~converge@187.55.221.96] has joined #openvpn 15:21 < Essobi> Hmm... Perhaps I have to move the push "dhcp-option...'s with them as well.. 15:22 < Flare183> Can someone help kitharris? o_O That seems like a windows bug or something. 
15:23 -!- converge_ [~converge@187.55.221.96] has quit [Ping timeout: 240 seconds] 15:33 -!- grendal_prime [~grendal_p@2001:470:822a:200:1e75:8ff:fe48:dfef] has quit [Remote host closed the connection] 15:33 -!- grendal_prime [~grendal_p@2001:470:822a:200:1e75:8ff:fe48:dfef] has joined #openvpn 15:33 < Essobi> hyper_ch: So again... no reason this config change shouldn't work? Hmm... 15:33 < hyper_ch> Essobi: it should 15:33 < hyper_ch> Flare183: issue !welcome 15:33 < hyper_ch> kitharris: issue !welcome 15:34 < kitharris> !welcome 15:34 < Flare183> hyper_ch: um I'm one of kitharris' friends. 15:34 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 15:34 -!- grendal_prime [~grendal_p@2001:470:822a:200:1e75:8ff:fe48:dfef] has left #openvpn [] 15:34 < kitharris> !goal 15:34 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 15:34 < Essobi> !route 15:34 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 15:38 < kitharris> I want a private network between a group of online computers, using static IPs so that we can host various services to each other from within the VPN. 15:40 < Essobi> kitharris: Read the route URL right there. 
15:40 < Essobi> that's pretty close to their example 15:44 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 15:44 <@vpnHelper> RSS Update - forum: OpenVPN client for the iPhone and iPad 15:48 < kitharris> I'm not trying to route any external network though. 15:49 < kitharris> I have --client-to-client set and I want clients to be able to connect directly to each other through the vpn, which is already working, except for the first windows client I've tried to add. 15:56 -!- joao [~converge@187.55.221.96] has quit [Quit: Linkinus - http://linkinus.com] 15:57 < Essobi> kitharris: yea, I read that... it's weird. 15:57 < Essobi> What version are the server, linux clients, and windows client? 15:58 < kitharris> OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Jan 3 2012 15:58 < kitharris> That's for the server and some of my clients 15:58 < Essobi> And the swindows client? 15:58 < kitharris> 2.2.2 from openvpn.net 15:59 < Essobi> yea, no idea. 15:59 <@vpnHelper> RSS Update - forum: using tls-auth with multiple clients 16:00 < Essobi> Really weird. 16:01 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 16:05 * EugeneKay blinks 16:05 <@vpnHelper> RSS Update - forum: Is there other special configuration needed based on ISP ? 
16:06 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 252 seconds] 16:08 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Quit: Ex-Chat] 16:16 < kitharris> http://pastebin.com/P9UNPFY7 http://i.imgur.com/x417Z.png 16:23 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 16:23 -!- mode/#openvpn [+o raidz] by ChanServ 16:27 -!- Gravitron [~admin@cpe-65-28-68-253.kc.res.rr.com] has joined #openvpn 16:27 -!- Gravitron [~admin@cpe-65-28-68-253.kc.res.rr.com] has quit [Changing host] 16:27 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 16:38 < kitharris> !topology 16:38 <@vpnHelper> "topology" is (#1) it is possible to avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) See http://osdir.com/ml/network.openvpn.devel/2005-09/msg00020.html for more history on this. 16:39 < kitharris> !/30 16:39 <@vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html (sorry for the long link, they wont fix the anchors) explains why routed clients each use 4 ips or (#2) you can avoid this behavior by reading !topology or (#3) so by default, first client is .6, then .10 .14 .18 etc etc or (#4) use 16:39 <@vpnHelper> openvpn --show-valid-subnets to see the subnets you can use in net30 16:52 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has joined #openvpn 16:54 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 17:00 <@vpnHelper> RSS Update - forum: Site to Site Problems! 
17:01 < kitharris> Fixed my problem: set --topology subnet, changed all client configs to ifconfig-push 255.255.255.0 17:02 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit [] 17:03 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Read error: Connection reset by peer] 17:03 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 17:07 -!- kitharris [~meow@71.188.116.185] has quit [Quit: haihai] 17:08 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 17:08 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 17:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 17:08 -!- mode/#openvpn [+v Axeman] by ChanServ 17:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Read error: Connection reset by peer] 17:18 -!- Peter1234 [~jircii@ip98-165-34-222.ph.ph.cox.net] has quit [Quit: jIRCii - http://www.oldschoolirc.com] 17:24 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 17:34 -!- converge [~converge@unaffiliated/joaop] has joined #openvpn 17:34 -!- converge [~converge@unaffiliated/joaop] has left #openvpn [] 17:37 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds] 17:39 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has joined #openvpn 17:42 -!- astrostl [~astrostl@71-11-141-45.dhcp.stls.mo.charter.com] has quit [] 17:44 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn 17:47 -!- Flare183 [~jesse@botters/flare183] has quit [Quit: herp derp] 17:48 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has quit [Ping timeout: 240 seconds] 17:50 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has joined #openvpn 18:02 -!- Tick-Tock [~Tick-Tock@lunari.us] has joined #openvpn 18:12 -!- nonotza [~nonotza@66.246.94.130] has joined #openvpn 18:12 < nonotza> I'm having trouble connecting to the internet while 
connected to an openvpn server I just setup. I followed the directions here: http://openvpn.net/index.php/open-source/documentation/howto.html#redirect but I am still not able to connect. Here are the client IP tables: http://pastebin.com/faZLc6ZE 18:12 <@vpnHelper> Title: HOWTO (at openvpn.net) 18:12 -!- glc_ [~Gclark@adsl-99-63-81-253.dsl.chcgil.sbcglobal.net] has joined #openvpn 18:12 -!- glc_ [~Gclark@adsl-99-63-81-253.dsl.chcgil.sbcglobal.net] has left #openvpn ["Leaving"] 18:14 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 18:15 < Schnabeltier> nonotza that´s the same problem i´m trying to solve :P 18:28 -!- nonotza_ [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 18:30 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 18:30 -!- nonotza [~nonotza@66.246.94.130] has quit [Ping timeout: 240 seconds] 18:30 -!- nonotza_ is now known as nonotza 18:40 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: Leaving] 18:46 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 18:52 -!- Denial [Denial@drgi.co.uk] has quit [] 18:54 -!- _quadDam1ge [~EmperorTo@jaguar-2-red.claimlynx.com] has joined #openvpn 18:55 -!- zeshooem [~zee@108.162.156.19] has joined #openvpn 18:55 -!- X0Rc0re [~chatzilla@203-206-48-170.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 18:56 -!- _julian [~quassel@hmbg-4d06ae95.pool.mediaWays.net] has joined #openvpn 19:02 -!- EvilJStoker_ [jstoker@unaffiliated/jstoker] has joined #openvpn 19:03 -!- Netsplit *.net <-> *.split quits: zeshoem, +_quadDamage, _julian_, mrsno_, +fbh, +EvilJStoker 19:03 -!- EvilJStoker_ is now known as EvilJStoker 19:05 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Quit: nonotza] 19:14 -!- fbh [fbh@lucifer.frands.net] has joined #openvpn 19:14 -!- mrsno_ [~sno@static.153.209.46.78.clients.your-server.de] has joined #openvpn 19:15 -!- netskay 
[~netskay@c-71-207-130-87.hsd1.va.comcast.net] has joined #openvpn
19:20 -!- tekzilla [~jon@hmbg-4d06db09.pool.mediaWays.net] has quit [Ping timeout: 240 seconds]
19:22 -!- tekzilla [~jon@hmbg-4d06cbee.pool.mediaWays.net] has joined #openvpn
19:28 -!- fbh [fbh@lucifer.frands.net] has quit [Changing host]
19:28 -!- fbh [fbh@unaffiliated/fbh] has joined #openvpn
19:37 -!- mohi666 [mohi666@nat/google/x-kytvirjnjgmvhfnq] has joined #openvpn
19:38 < mohi666> What's the public IP of a remote user in a routing VPN?
19:38 < mohi666> their own IP or the VPN public IP?
19:56 -!- _julian_ [~quassel@hmbg-5f7648c9.pool.mediaWays.net] has joined #openvpn
20:00 -!- _julian [~quassel@hmbg-4d06ae95.pool.mediaWays.net] has quit [Ping timeout: 252 seconds]
20:05 -!- _julian_ [~quassel@hmbg-5f7648c9.pool.mediaWays.net] has quit [Quit: No Ping reply in 180 seconds.]
20:05 -!- _julian [~quassel@hmbg-5f7648c9.pool.mediaWays.net] has joined #openvpn
20:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
20:24 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
20:30 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Ping timeout: 252 seconds]
20:32 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn
20:42 -!- mohi666 [mohi666@nat/google/x-kytvirjnjgmvhfnq] has quit [Quit: Leaving]
20:43 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
20:51 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has joined #openvpn
20:54 -!- sPiN [~sPiN@opensuse/member/jcspin247] has joined #openvpn
22:02 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Ping timeout: 252 seconds]
22:10 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn
22:24 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
22:32 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
22:35
-!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
22:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
22:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
22:49 -!- netskay [~netskay@c-71-207-130-87.hsd1.va.comcast.net] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- Po-ta-to, boil em, mash em, stick em in a stew.]
22:59 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Remote host closed the connection]
23:06 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn
23:14 <@vpnHelper> RSS Update - forum: openvpn on Centos 5.5
23:20 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has quit [Ping timeout: 255 seconds]
23:21 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has joined #openvpn
23:32 -!- krzie [nobody@hemp.ircpimps.org] has joined #openvpn
23:32 -!- krzie [nobody@hemp.ircpimps.org] has quit [Changing host]
23:32 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn
23:39 -!- l0rd_hex [~rubit_man@S0106000024c61290.ed.shawcable.net] has quit [Read error: Connection reset by peer]
23:43 -!- l0rd_hex [~rubit_man@S0106000024c61290.ed.shawcable.net] has joined #openvpn
23:53 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has joined #openvpn
23:54 < X0Rc0re> what sort of hash is this?
7679827e8335635f63
23:56 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
--- Day changed Fri Jan 13 2012
00:01 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:01 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Read error: Connection reset by peer]
00:02 -!- Cr4zi3 [killaz@staff.xbins.org] has joined #openvpn
00:14 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7
00:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:34 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:46 -!- tjz [~pc@unaffiliated/tjz] has quit [Ping timeout: 240 seconds]
01:14 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn
01:14 -!- `Ile` [~Ile@kaniserver.net] has quit [Client Quit]
01:25 < hyper_ch> krzee: https://www.youtube.com/watch?v=CjaC8Pq9-V0
01:25 <@vpnHelper> Title: Revolution OS - YouTube (at www.youtube.com)
01:31 <@vpnHelper> RSS Update - forum: openvpn on Centos 5.5
01:33 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
01:38 <@vpnHelper> RSS Update - forum: OpenVPN apt/yum repos now available
01:47 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
01:53 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
02:01 -!- matyk2012 [~mathew@cpc14-slou1-2-0-cust242.haye.cable.virginmedia.com] has joined #openvpn
02:02 < matyk2012> Hello All, I am having an issue when i try to get a client to connect to my vpn server. I have tried using TCP and UDP (Not sure why... ) but both failed.
02:02 < matyk2012> When i tried to connect via TCP
02:02 < matyk2012> I get the following Log entry
02:02 < matyk2012> Fri Jan 13 07:57:58 2012 andriod/94.197.127.26:57375 Connection reset, restarting [0]
02:05 < matyk2012> on UDP i got
02:05 < matyk2012> Fri Jan 13 07:56:21 2012 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
02:08 <@vpnHelper> RSS Update - forum: openvpn on Centos 5.5
02:08 <+EugeneKay> matyk2012 - "andriod"..... phone?
02:08 < matyk2012> yup its rooted and using custom rom would this be the issue?
02:08 <+EugeneKay> Most likely a carrier firewall.
02:09 < matyk2012> ah hm anyway i can confirm?
02:09 < matyk2012> before i use to ssh tunnel to access my stuff
02:09 <+EugeneKay> Try it over WiFi ;-)
02:09 < matyk2012> would the subnet clash though?
02:09 <+EugeneKay> Use a /different/ WiFi network.
02:10 <+EugeneKay> I was reading something today about T-Mo falsifying TCP RSTs and outright blocking UDP, for whatever stupid reason.
02:10 <+EugeneKay> I've never had issue with it, but I don't use my phone off WiFi much.
02:10 < matyk2012> i have tried TCP and UDP
02:10 < matyk2012> I dont have access to another wifi either :(
02:11 <+EugeneKay> https://grepular.com/Punching_through_The_Great_Firewall_of_TMobile
02:11 <@vpnHelper> Title: Punching through The Great Firewall of T-Mobile (at grepular.com)
02:11 <+EugeneKay> tl;dr: ignore the TCP RSTs
02:11 < matyk2012> im not on tmobile but would it be useful?
02:11 <+EugeneKay> Worth a go.
02:12 * EugeneKay snoozes
02:13 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
02:13 <@vpnHelper> RSS Update - forum: OpenVPN with redirect-gateway renders public ip inaccessable
02:16 -!- dazo_afk is now known as dazo
02:18 * hyper_ch gives EugeneKay a tissue
02:19 <+EugeneKay> Snooze, not sneeze.
02:19 < hyper_ch> :)
02:20 -!- matyk2012 [~mathew@cpc14-slou1-2-0-cust242.haye.cable.virginmedia.com] has quit [Ping timeout: 240 seconds]
02:28 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn
02:33 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
02:41 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 240 seconds]
02:42 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
02:43 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
02:45 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
02:47 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds]
02:48 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
02:52 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep]
02:57 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
03:16 -!- bragon_ is now known as bragon
03:22 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
03:34 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn
03:35 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn
03:38 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn
03:51 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Remote host closed the connection]
03:59 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn
03:59 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host]
03:59 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn
04:15 <@vpnHelper> RSS Update - forum: my wish
04:16 -!- matyk2012 [~mathew@cpc14-slou1-2-0-cust242.haye.cable.virginmedia.com] has joined #openvpn
04:17 -!- style [style@vpn.ilric.org] has joined #openvpn
04:18 < style> Hi, is there any way to restrict one user's access to only one ip (i.e.
user A logs into openvpn and I want to nullroute everything except server B)
04:19 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has joined #openvpn
04:21 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!]
04:21 -!- stdudz [~stdudz@cpc4-newc15-2-0-cust168.gate.cable.virginmedia.com] has left #openvpn []
04:21 -!- master_of_master [~master_of@p57B55D78.dip.t-dialin.net] has quit [Ping timeout: 255 seconds]
04:22 -!- Ile [~Ile@kaniserver.net] has joined #openvpn
04:22 -!- Ile is now known as `Ile`
04:23 -!- master_of_master [~master_of@p57B55B8C.dip.t-dialin.net] has joined #openvpn
04:26 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
04:27 <@vpnHelper> RSS Update - forum: using tls-auth with multiple clients || openvpn on Centos 5.5
04:40 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
04:42 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn
04:49 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
05:04 <@dazo> style: that's doable, with some dynamic firewall updates .... look into the script hooks, at --learn-address specifically
05:04 <@dazo> style: if you want something even more robust, but also more advanced, you can have a look at eurephia
05:04 <@dazo> !eurephia
05:04 <@vpnHelper> "eurephia" is http://www.eurephia.net/
05:06 < style> dazo: thanks!
05:35 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out]
05:35 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
05:45 -!- caemir [~caemir@78.129.43.30] has joined #openvpn
05:45 -!- caemir [~caemir@78.129.43.30] has quit [Changing host]
05:45 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
05:48 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
05:55 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds]
05:58 -!- corretico [~luis@190.211.93.11] has joined #openvpn
06:01 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds]
06:11 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit []
06:17 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
06:19 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Read error: Connection reset by peer]
06:20 -!- sia^pwnnt [8440frag@owned.ninjasinpyjamas.biz] has quit [Quit: -)(- If you can't see the fnords, they can't eat you.]
06:37 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
07:01 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn
07:07 < reiffert> ipsec is driving me nuts.
07:08 < reiffert> any knowledge about: ipsec server running on linux, working clients: win7, osx, android, iphone/ipad without the need of breaking the jails?
07:09 < hyper_ch> !ipsec
07:09 < hyper_ch> :)
07:10 < ecrist> reiffert: IPSec sucks
07:10 < ecrist> and is best left to same-manufacturer implementations.
07:10 < ecrist> we only use it for client VPNs and then only for large corporate networks.
07:14 < hyper_ch> and IPSec eats small babies
07:16 < rob0> without ketchup? Oh, the horrors!
07:18 < reiffert> ipsec may suck, but customers are afraid in breaking the android/iOs jails, so openvpn is out of an option
07:19 < hyper_ch> but rooting android is simple
07:19 < reiffert> shut up.
07:19 < reiffert> strongswan?
07:19 < hyper_ch> and you'll never know what spyware your distributor has put on stock android
07:20 < reiffert> see above
07:22 < rob0> Set up ipsec for them and charge a heck of a lot of money.
07:24 < reiffert> rob0: providing a proper solution is more of my goals than charging lots of money.
07:26 < rob0> Well, you already have openvpn ... is that not a proper solution? Should you forever be jerked around by the whims of proprietary device vendors?
07:26 * dazo keeps his mouth shut until he is sure to get a decent portion of the "lots of money" pot
07:26 < rob0> if so, have fun, but this is not really the place to ask for ipsec advice
07:27 < reiffert> rob0: yeah, fuck it and now shut up or try to be more helpful.
07:27 <@dazo> hehehe
07:28 < rob0> I think at this point a mutual /ignore looks best.
07:28 < reiffert> ack.
07:30 -!- luckman212_ [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has joined #openvpn
07:30 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 245 seconds]
07:31 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn
07:32 -!- Mp5 [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has joined #openvpn
07:33 -!- Mp5- [~Mp5@99-59-223-143.lightspeed.jcvlfl.sbcglobal.net] has quit [Ping timeout: 240 seconds]
07:33 -!- luckman212 [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Ping timeout: 240 seconds]
07:49 < ecrist> reiffert: I'd just use PPTP on android/iOS devices
07:49 < ecrist> also
07:49 < ecrist> !notopenvpn
07:49 <@vpnHelper> "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem
07:56 <@vpnHelper> RSS Update - forum: Multiple VPN (Cisco and openvpn) 1 WAN IP
07:58 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit []
08:20 <@vpnHelper> RSS Update - forum: Routing to VPN stil
not working with Open VPN2.2.2
08:26 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
08:27 -!- jameslordhz [~jack@60.12.143.134] has quit [Ping timeout: 248 seconds]
08:31 -!- mocas__ [~mocas@87-196-247-143.net.novis.pt] has joined #openvpn
08:31 <@vpnHelper> RSS Update - forum: OpenVPN AS NATmode || Routing to VPN stil not working with Open VPN2.2.2
08:34 -!- mocas_ [~mocas@87-196-120-236.net.novis.pt] has quit [Ping timeout: 252 seconds]
08:34 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
08:42 -!- jameslordhz [~jack@60.12.143.45] has joined #openvpn
08:44 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
08:45 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 252 seconds]
08:45 -!- takamichi [~pri@217.23.4.104] has joined #openvpn
08:49 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep]
08:56 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
09:02 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
09:08 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
09:14 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
09:23 -!- dollabill [~mike@199.44.8.98] has joined #openvpn
09:32 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
09:39 <@vpnHelper> RSS Update - forum: Bridge client gets gateway from DHCP despite server-bridge
09:51 -!- caemir [~caemir@78.129.43.30] has joined #openvpn
09:51 -!- caemir [~caemir@78.129.43.30] has quit [Changing host]
09:51 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
10:16 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 244 seconds]
10:20 -!- mocas_ [~mocas@87-196-125-224.net.novis.pt] has joined #openvpn
10:23 -!- mocas__
[~mocas@87-196-247-143.net.novis.pt] has quit [Ping timeout: 248 seconds]
10:25 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/]
10:27 <@vpnHelper> RSS Update - forum: Ubuntu 10.10 Certificate error
10:29 -!- `Ile` [~kvirc@178.222.168.150] has joined #openvpn
10:32 -!- Azrael808 [~peter@212.161.9.162] has quit [Read error: Operation timed out]
10:34 -!- EugeneKay [eugene@itvends.com] has quit [Quit: ZNC - http://znc.in]
10:42 -!- EugeneKay [znc@itvends.com] has joined #openvpn
10:45 -!- takamichi [~pri@217.23.4.104] has quit [Ping timeout: 240 seconds]
10:45 -!- mocas__ [~mocas@87-196-243-47.net.novis.pt] has joined #openvpn
10:46 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn
10:46 -!- EugeneKay [znc@itvends.com] has quit [Remote host closed the connection]
10:49 -!- mocas_ [~mocas@87-196-125-224.net.novis.pt] has quit [Ping timeout: 240 seconds]
10:49 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn
10:54 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 252 seconds]
10:57 -!- mocas_ [~mocas@87-196-123-103.net.novis.pt] has joined #openvpn
11:02 -!- mocas__ [~mocas@87-196-243-47.net.novis.pt] has quit [Ping timeout: 268 seconds]
11:03 -!- luckman212_ [~irc@pool-108-41-8-176.nycmny.fios.verizon.net] has quit [Read error: Connection reset by peer]
11:03 -!- EugeneKay [znc@itvends.com] has joined #openvpn
11:13 -!- EugeneKay [znc@itvends.com] has quit [Quit: ZNC - http://znc.in]
11:13 -!- EugeneKay [eugene@itvends.com] has joined #openvpn
11:14 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 260 seconds]
11:21 -!- `Ile`|2 [~kvirc@178.222.177.110] has joined #openvpn
11:21 -!- `Ile` [~kvirc@178.222.168.150] has quit [Ping timeout: 244 seconds]
11:27 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer]
11:31 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn
11:31 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing
host]
11:31 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
11:31 -!- mode/#openvpn [+v Axeman] by ChanServ
11:32 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn
11:34 -!- `Ile`|2 is now known as `Ile`
11:36 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn
11:57 -!- okamis_ [2eef7d06@gateway/web/freenode/ip.46.239.125.6] has joined #openvpn
11:57 < okamis_> !goal
11:57 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
11:58 < okamis_> !welcome
11:58 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
11:58 < okamis_> !howto
11:58 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
12:12 < okamis_> my goal is to make the server not lose lan connection when starting the openvpn server
12:13 < okamis_> http://pastebin.com/KLPFhxzs
12:16 <@dazo> sounds like a good goal ;-)
12:17 <@dazo> okamis_: what's the IP range you use on your LAN?
12:17 < okamis_> 10.1.1.0
12:18 <@dazo> okamis_: that's the mistake in your config .... you can't use the same IP address range in the VPN as the LAN
12:18 <@dazo> change the VPN subnet to, say, 10.8.0.0 255.255.255.0
12:18 < okamis_> oh,
12:18 < hyper_ch> 10.8.0.x <3
12:19 <@dazo> :)
12:20 < okamis_> question: what does the mask do with the ip?
I cant really understand that part
12:20 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
12:21 <@dazo> !tcpip
12:21 <@vpnHelper> "tcpip" is http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf See chapter 3.1 for useful basic TCP/IP networking knowledge you should probably know
12:21 <@dazo> okamis_: ^^ that book should describe all these details, pretty in detail ... that's a really important aspect to understand about TCP/IP addressing
12:22 < okamis_> thx, I tried reading some wiki and making sense of a netmask calculator, gave me nightmares
12:22 < hyper_ch> okamis_: simply said: the ip address indicates the start of the subnet and the mask defines the range of it
12:23 < hyper_ch> dazo: is that so wrong?
12:23 < okamis_> not read it through yet, but 10.1.1.0 and mask 255.255.255.0 would make me believe the range is 10.1.1.0 to 255.255.255.0 but Im quite sure that aint right
12:24 <@dazo> hyper_ch: that's true ... but you forget the trick about how the netmask is used to calculate the start and the end
12:25 < hyper_ch> :)
12:27 <@dazo> okamis_: actually, 255.255.255.0 means that you have 256 IP addresses available .... and 2 of these are not "normal" IP addresses (the first and the last one)
12:27 <@dazo> but read about it, and you'll see the bigger picture :)
12:29 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn
12:29 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host]
12:29 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
12:34 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
12:36 -!- dazo is now known as dazo_afk
12:41 -!- dazo_afk is now known as dazo
12:42 -!- dazo is now known as dazo_afk
12:49 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection]
12:51 <@vpnHelper> RSS Update - forum: using tls-auth with multiple clients
13:03 -!- stephanj [stephan@nemesis.stejau.de] has left #openvpn []
13:09 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
13:21 <@vpnHelper> RSS Update - forum: Routing to VPN stil not working with Open VPN2.2.2
13:36 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
13:36 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
14:11 -!- _quadDam1ge is now known as _quadDamage
14:17 -!- nowen [~nowen@adsl-74-176-212-133.asm.bellsouth.net] has joined #openvpn
14:19 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
14:35 -!- `Ile` [~kvirc@178.222.177.110] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/]
14:38 < sPiN> howdy chaps.. I was just got openvpn configured on my pfsense firewall and got a linux 3.1 kernel'd client to connect to it.. i was using a usb 3g modem and disabling the wifi
14:40 < sPiN> i noticed the interface for the usb 3g modem has an MTU of only 128 and i think this might be causing all of these udpv4 no buffer space available errors
14:41 < sPiN> ive tried enabling mss and setting various mtus, but i cant seem to shut that error up.. i did notice that if i set an mtu of 966 on the tun device i seemed to get consistent perf. i am doing a redirect gateway setup and everything works as expected.. so it may just be an annoying warning i have to deal with
14:43 < sPiN> it spams several a minute in the clients logs.. i disabled the usb 3g modem and enabled wifi and was able to loopback into my external ip and connect to the vpn without any of these udpv4 errors..
so im wondering if any of you guys might have experience with 3g modems on clients and openvpn connections
14:44 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
14:47 -!- tessier [~treed@kernel-panic/copilotco] has quit [Read error: Connection reset by peer]
14:49 -!- newl [~newl@97.75.165.156] has joined #openvpn
14:56 -!- dollabill [~mike@199.44.8.98] has quit [Ping timeout: 244 seconds]
15:03 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds]
15:09 -!- Beave [~champ@bundy.vistech.net] has quit [Ping timeout: 252 seconds]
15:19 -!- oc80z [~oc80z@blea.ch] has quit [Changing host]
15:19 -!- oc80z [~oc80z@openvpn/user/oc80z] has joined #openvpn
15:21 -!- rmull [rmull@nooperation.org] has joined #openvpn
15:22 -!- rmull [rmull@nooperation.org] has left #openvpn []
15:44 < Essobi> ˜/2
15:45 -!- newl [~newl@97.75.165.156] has left #openvpn []
15:51 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
15:52 -!- matyk2012 [~mathew@cpc14-slou1-2-0-cust242.haye.cable.virginmedia.com] has quit [Remote host closed the connection]
15:54 <+dxtr> What could it be if the connection to a server stops at "MANAGEMENT: >STATE:1326490377,WAIT,,,"
15:54 <+dxtr> after "UDPv4 link remote: "
15:54 -!- johnny_be_yellow [~Joe@96.26.97.237] has joined #openvpn
15:54 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection]
15:54 < johnny_be_yellow> !welcome
15:54 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server.
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
15:55 < johnny_be_yellow> !route
15:55 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
16:01 < johnny_be_yellow> I've got a problem that's driving me crazy -- somehow I guess I'm making a routing loop on the clients that causes openvpn to use 100% of a cpu. I have everything working with a single push "route 192.168.39.0 255.255.255.0" -- if I add a push "route 192.168.40.0 255.255.255.0" the openvpn windows client goes nuts and never sends anything it just burns cpu -- I don't understand it -- 192.168.39 and 40 are not on the client at all. Is there a way to
16:01 < johnny_be_yellow> what's happening on the client openvpn side?
16:05 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds]
16:08 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn
16:10 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn
16:10 -!- mode/#openvpn [+o raidz] by ChanServ
16:34 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat]
16:39 -!- EugeneKay [eugene@itvends.com] has quit [Ping timeout: 252 seconds]
16:39 -!- nowen [~nowen@adsl-74-176-212-133.asm.bellsouth.net] has quit [Quit: Leaving.]
16:47 -!- EugeneKay [eugene@itvends.com] has joined #openvpn
16:49 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn
16:49 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host]
16:49 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
16:51 -!- mode/#openvpn [+v EugeneKay] by ChanServ
16:58 <@vpnHelper> RSS Update - forum: multicast config
17:09 -!- futurestack [~o_o@unaffiliated/futurestack] has quit [Ping timeout: 260 seconds]
17:10 -!- futurestack [~o_o@unaffiliated/futurestack] has joined #openvpn
17:19 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn
17:40 -!- JackWinter2 [~jack@vodsl-8990.vo.lu] has joined #openvpn
17:48 -!- Netsplit *.net <-> *.split quits: sigius, JackWinter, corretico
17:52 -!- Netsplit over, joins: corretico
17:55 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
17:55 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
17:55 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
17:55 -!- mode/#openvpn [+v Axeman] by ChanServ
17:55 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has joined #openvpn
17:57 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
18:04 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn
18:04 < MeanderingCode> hello all
18:04 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
18:04 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
18:04 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn
18:04 -!- mode/#openvpn [+v Axeman2] by ChanServ
18:05 < MeanderingCode> i'm scouring the 'net for info on vpn configuration, routing (as in how a linux host running an openvpn client routes things), etc, all towards the goal of having only _certain_ applications' traffic route over the vpn connection
18:05 < MeanderingCode> remarkably difficult to find :/
18:06 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds]
18:06 < MeanderingCode> can anyone point me at some good resources?
18:06 < |Mike|> topic
18:06 < |Mike|> !def1
18:06 -!- frojnd [~frojnd@86.58.21.55] has quit [Ping timeout: 260 seconds]
18:06 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway.
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
18:06 < |Mike|> !route
18:06 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
18:07 < MeanderingCode> thanks |Mike|
18:13 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Ping timeout: 260 seconds]
18:15 -!- Denial [Denial@drgi.co.uk] has quit []
18:22 -!- okamis_ [2eef7d06@gateway/web/freenode/ip.46.239.125.6] has quit [Quit: Page closed]
18:39 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving]
18:56 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds]
19:16 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
19:16 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
19:16 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
19:16 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn
19:16 -!- mode/#openvpn [+v Axeman2] by ChanServ
19:18 -!- tekzilla [~jon@hmbg-4d06cbee.pool.mediaWays.net] has quit [Read error: Operation timed out]
19:23 -!- tekzilla [~jon@hmbg-4d06f5da.pool.mediaWays.net] has joined #openvpn
19:34 -!- newl [~newl@97.75.165.156] has joined #openvpn
19:50 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has joined #openvpn
19:50 -!- tjz [~pc@bb116-14-145-196.singnet.com.sg] has quit [Changing host]
19:50 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn
19:54 -!- caemir [~caemir@78.129.43.30] has joined #openvpn
19:54 -!- caemir [~caemir@78.129.43.30] has quit [Changing host]
19:54 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
19:54 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
19:55 -!- _julian_
[~quassel@hmbg-5f77d30b.pool.mediaWays.net] has joined #openvpn
19:58 -!- _julian [~quassel@hmbg-5f7648c9.pool.mediaWays.net] has quit [Ping timeout: 248 seconds]
20:18 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds]
20:21 -!- newl [~newl@97.75.165.156] has left #openvpn []
20:25 -!- teratoma [~teratoma@i.dont.get.mad.i.get.stabby.net] has joined #openvpn
20:37 -!- JackWinter2 [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!]
20:41 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
20:41 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Client Quit]
20:45 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
20:46 <+EugeneKay> ecrist, are you about?
20:47 < krzie> MeanderingCode,
20:47 < krzie> !routebyapp
20:47 <@vpnHelper> "routebyapp" is if you want to send only certain apps over the VPN you need to run a socks server on the internal VPN subnet (see !sockd) then get an app like proxifier (google it) to selectively route traffic over the socks proxy based on port/app/subnet or any combination.
20:48 < MeanderingCode> !sockd
20:48 <@vpnHelper> "sockd" is if you want !routebyapp you can use this dante config www.ircpimps.org/sockd.conf but BE SURE TO ONLY RUN THIS ON THE INTERNAL VPN IP! otherwise you will be an open proxy. that config has no security because its expected to run inside openvpn
20:48 <+EugeneKay> krzie, you might know. What powers vpnHelper?
20:48 < krzie> !version
20:48 <@vpnHelper> The current (running) version of this Supybot is 0.83.4.1. The newest version available online is 0.83.4.1.
20:49 < MeanderingCode> thanks, krzie. Unfortunately, I won't be able to administer most of the vpns in question for this setup
20:49 < krzie> that and black magic
20:49 <+EugeneKay> Ah, danke.
20:49 < MeanderingCode> it will, however, help regarding my laptop's configuration :)
20:49 < krzie> np MeanderingCode, but thats the ONLY way you will route by app
20:49 < MeanderingCode> pretty much
20:49 < krzie> however, if connecting to services on the server, you can use the vpn ip to connect, then it goes over the vpn
20:50 < MeanderingCode> the other methods i'm finding are some bind trickery and iptables
20:50 < MeanderingCode> right, what you said :)
20:50 < krzie> maybe even split-routing
20:50 < krzie> err
20:50 < krzie> split-dns
20:50 < MeanderingCode> and binding apps to interfaces, when they support it, along w/ SO_BINDTODEVICE
20:50 < krzie> depending on the real goal
20:51 < MeanderingCode> and iptables magic, by matching UID (which is by user, not application, but i can make that work)
20:52 < krzie> that would be a cool writeup
20:52 < krzie> !wiki
20:52 <@vpnHelper> "wiki" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN for the Unofficial wiki or (#2) https://community.openvpn.net/openvpn/wiki for the Official wiki
20:53 < krzie> if interested ;]
20:53 < MeanderingCode> ya know, if i can get it working in a stable fashion, i certainly will :)
20:54 < MeanderingCode> and thanks for the invitation :)
20:57 -!- caemir [~caemir@78.129.43.30] has joined #openvpn
20:57 -!- caemir [~caemir@78.129.43.30] has quit [Changing host]
20:57 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
21:00 <+EugeneKay> Yay, got my supybot running.
21:21 -!- newl [~newl@97.75.165.156] has joined #openvpn 21:32 -!- newl [~newl@97.75.165.156] has left #openvpn [] 22:01 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 22:01 -!- Axeman2 [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 22:01 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has joined #openvpn 22:01 -!- mode/#openvpn [+v Axeman2] by ChanServ 22:06 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn 22:06 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Read error: Connection reset by peer] 22:07 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Ping timeout: 240 seconds] 22:33 -!- jameslordhz [~jack@60.12.143.45] has quit [Ping timeout: 255 seconds] 22:34 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 268 seconds] 22:35 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 22:37 -!- jameslordhz [~jack@60.12.143.45] has joined #openvpn 22:40 -!- Axeman2 [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 
22:48 -!- agagag [~anton@eudaimonia.goto10.org] has quit [Remote host closed the connection] 22:53 -!- agagag [~anton@eudaimonia.goto10.org] has joined #openvpn 22:58 -!- agagag [~anton@eudaimonia.goto10.org] has quit [Ping timeout: 260 seconds] 23:45 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has joined #openvpn --- Day changed Sat Jan 14 2012 00:01 -!- agagag [~anton@eudaimonia.goto10.org] has joined #openvpn 00:16 -!- jameslordhz [~jack@60.12.143.45] has quit [Ping timeout: 260 seconds] 00:22 -!- jameslordhz [~jack@60.12.143.45] has joined #openvpn 01:05 -!- dioz [~dioz@2001:470:1f11:12a9::1] has quit [Read error: Operation timed out] 01:09 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 01:34 -!- jameslordhz [~jack@60.12.143.45] has quit [Ping timeout: 240 seconds] 01:42 -!- ribbler [~bcalab@117.239.59.179] has left #openvpn [] 01:44 -!- jameslordhz [~jack@60.12.143.45] has joined #openvpn 01:46 < jameslordhz> hi 01:47 -!- jameslordhz [~jack@60.12.143.45] has left #openvpn [] 02:05 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:16 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Ping timeout: 276 seconds] 02:18 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 02:37 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:47 -!- sigius [~sigius@93-125-185-45.dsl.alice.nl] has quit [Ping timeout: 240 seconds] 02:59 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server 03:02 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has joined #openvpn 03:04 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 03:04 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 03:35 -!- mohi666 
[~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has quit [Quit: Leaving] 03:39 -!- Crumbz [~Crumbz@host-89-242-68-69.as13285.net] has joined #openvpn 03:40 < Crumbz> Hey guys, is there any way to run the openvpn client as a socks proxy server? i'm sure i saw an option for it before but i cannot find it. 03:59 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 04:12 < hyper_ch> Crumbz: what's a socks proxy server? 04:22 -!- master_of_master [~master_of@p57B55B8C.dip.t-dialin.net] has quit [Ping timeout: 240 seconds] 04:22 -!- X0Rc0re_ [7ca9baca@gateway/web/freenode/ip.124.169.186.202] has joined #openvpn 04:22 < X0Rc0re_> hello, may i ask what type of OpenVPN is this? http://openvpn.net/index.php/access-server/docs/admin-guides/387-how-to-use-local-user-authentication.html 04:22 <@vpnHelper> Title: How to use local user authentication (at openvpn.net) 04:22 < X0Rc0re_> is it a paid OpenVPN? 04:23 < reiffert> X0Rc0re_: openvpn is a piece of software. 04:23 < X0Rc0re_> how do you get that web user interface? 04:23 < reiffert> X0Rc0re_: it's been released under GPL. 04:23 < X0Rc0re_> reiffert: then whats that web user interface?? 04:23 -!- master_of_master [~master_of@p57B54777.dip.t-dialin.net] has joined #openvpn 04:23 < X0Rc0re_> is it free? 04:24 < reiffert> there is no web user interface that comes with openvpn, but there are webinterfaces you can use, e.g. 04:24 < reiffert> http://openvpn-web-gui.sourceforge.net/ 04:24 <@vpnHelper> Title: OpenVPN Web GUI 0.3.x (at openvpn-web-gui.sourceforge.net) 04:24 < X0Rc0re_> oh thanx :) 04:24 < X0Rc0re_> so i that will allow other users to connect to my VPN? 04:25 < reiffert> no, it's a web interface to manage the openvpn certificates. 04:26 < X0Rc0re_> so how do i manage users to connect to my VPN? 04:26 < reiffert> how do you think that it might eventually work, especially "connecting users to a vpn"? 
04:26 < X0Rc0re_> certs 04:26 < reiffert> print out certs, then what? 04:27 < X0Rc0re_> give them to the users? 04:27 < reiffert> great, what will they do with them? 04:27 < X0Rc0re_> connect to my vpn 04:28 < reiffert> well, they have a client, they have a config file, they have certificates. then they are potentially able to connect. 04:28 < X0Rc0re_> i would still like to know what is this? http://gyazo.com/f9f3c263a184e08228a69630f54aaf38 04:28 <@vpnHelper> Title: f9f3c263a184e08228a69630f54aaf38.png (at gyazo.com) 04:28 < reiffert> it's an url. 04:28 < X0Rc0re_> ... 04:28 < reiffert> !as 04:28 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 04:28 < reiffert> Access-Server is the commercial product of the openvpn company. 04:29 < X0Rc0re_> so that is access server? 04:29 < reiffert> right. we dont support that in here. 04:29 < X0Rc0re_> oh ok 04:29 < X0Rc0re_> #OpenVPN-AS 04:29 < X0Rc0re_> ty 04:29 < X0Rc0re_> is that another way i can alllow users to connect? 04:29 < X0Rc0re_> using as? 04:30 < reiffert> not using as. 04:30 < reiffert> but do as the howto says 04:30 < reiffert> !howto 04:30 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 04:32 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Ping timeout: 248 seconds] 04:32 -!- agagag [~anton@eudaimonia.goto10.org] has quit [Ping timeout: 252 seconds] 04:36 -!- X0Rc0re_ [7ca9baca@gateway/web/freenode/ip.124.169.186.202] has quit [Ping timeout: 258 seconds] 04:38 -!- agagag [~anton@eudaimonia.goto10.org] has joined #openvpn 04:38 <@vpnHelper> RSS Update - forum: Buying a cookware set 04:40 -!- mattock [~samuli@openvpn/corp/admin/mattock] has left #openvpn [] 04:40 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has joined #openvpn 04:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:49 < X0Rc0re> what is this? 
http://sourceforge.net/projects/openvpn-config/ 04:49 <@vpnHelper> Title: OpenVPN Configuration CLI Wizard | Free System Administration software downloads at SourceForge.net (at sourceforge.net) 04:51 < X0Rc0re> is untangle any good? http://www.untangle.com/images/screenshots/OpenVPN/openvpn_gui_email_clients.png 04:52 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:57 < hyper_ch> X0Rc0re: if you want a config generator use 04:57 < hyper_ch> !confgen 04:57 <@vpnHelper> "confgen" is (#1) http://www.doeshosting.com/code/openvpn-confgen.tgz for the bash config generator or (#2) you can use svn co http://www.secure-computing.net/svn/trunk/openvpn-confgen/ 04:58 < hyper_ch> some crazy guy in here created it :) 05:11 < X0Rc0re> hyper_ch: im done with my config file:) 05:11 < X0Rc0re> :) 05:24 < X0Rc0re> how exactly do i find the cert file in OpenVPN? 05:24 < hyper_ch> create them 05:24 < hyper_ch> !howto 05:24 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 05:24 < hyper_ch> !ca 05:25 < hyper_ch> !cert 05:25 < X0Rc0re> ? 05:25 < X0Rc0re> lol 05:26 < hyper_ch> !pki 05:26 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was 05:26 <@vpnHelper> signed specially as a server (see !servercert) 05:26 < X0Rc0re> yes i have read that and done that 05:27 < X0Rc0re> i want to know what directory do i go to to obtain them? 
05:27 < hyper_ch> depends where you created them
05:28 < X0Rc0re> the default area
05:29 < X0Rc0re> http://screensnapr.com/v/qajfyU.png
05:29 <@vpnHelper> Title: View qajfyU.png on ScreenSnapr (at screensnapr.com)
05:30 < hyper_ch> you really should use colorization for ls
05:31 < X0Rc0re> colorization?
05:34 < hyper_ch> yes
05:34 < hyper_ch> add this to your .bashrc file
05:35 < hyper_ch> # enable color support of ls and also add handy aliases
05:35 < hyper_ch> if [ -x /usr/bin/dircolors ]; then
05:35 < hyper_ch>     test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
05:35 < hyper_ch>     alias ls='ls --color=auto'
05:35 < hyper_ch>     #alias dir='dir --color=auto'
05:35 < hyper_ch>     #alias vdir='vdir --color=auto'
05:35 < hyper_ch>     alias grep='grep --color=auto'
05:35 < hyper_ch>     alias fgrep='fgrep --color=auto'
05:35 < hyper_ch>     alias egrep='egrep --color=auto'
05:35 < hyper_ch> fi
05:35 < hyper_ch> get the dircolors if it's not installed yet
05:35 < hyper_ch> log out and log back in
05:46 < X0Rc0re> kk :p
05:50 < hyper_ch> see now the colorization?
05:54 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 06:08 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 06:41 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has joined #openvpn 06:42 -!- takamichi [~pri@c86-7.i07-22.onvol.net] has quit [Remote host closed the connection] 07:05 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Ping timeout: 252 seconds] 07:10 -!- gffa [~gffa@unaffiliated/gffa] has quit [Ping timeout: 244 seconds] 07:13 -!- mocas__ [~mocas@87-196-242-85.net.novis.pt] has joined #openvpn 07:15 -!- mocas_ [~mocas@87-196-123-103.net.novis.pt] has quit [Ping timeout: 268 seconds] 07:18 -!- gffa [~gffa@unaffiliated/gffa] has joined #openvpn 07:25 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 07:46 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 07:50 -!- X0Rc0re [~chatzilla@124-169-186-202.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 07:59 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Quit: Get MacIrssi - http://www.sysctl.co.uk/projects/macirssi/] 08:42 -!- resha [~rave@112.198.78.136] has joined #openvpn 08:42 -!- resha [~rave@112.198.78.136] has quit [Client Quit] 08:42 -!- resha1 [~rave@112.198.78.136] has joined #openvpn 08:42 < resha1> what can I do if my isp throttles vpn connection? 08:43 < hyper_ch> get a new isp 08:44 < resha1> all our isp are throttling vpn connection 08:47 -!- resha1 [~rave@112.198.78.136] has quit [Read error: Connection reset by peer] 08:48 -!- resha [~rave@112.198.78.136] has joined #openvpn 08:48 -!- resha [~rave@112.198.78.136] has left #openvpn [] 08:59 -!- Kaizen [~osu@unaffiliated/kyoku] has joined #openvpn 09:01 < Kaizen> what's the easiest way to create my own custom branded openvpn client, anyone have a guide for it? 
looks like they don't release the source code for windows gui 09:02 < hyper_ch> as openvpn is opensource, then the code for the windows gui should also be somewher 09:03 < Kaizen> http://openvpn.net/index.php?option=com_content&id=357 the client is here, but there is no source code i can find 09:03 <@vpnHelper> Title: Client Packages (at openvpn.net) 09:07 < hyper_ch> https://community.openvpn.net/openvpn/wiki/DeveloperDocumentation#Maindevelopmentrepositorygit 09:07 <@vpnHelper> Title: DeveloperDocumentation – OpenVPN Community (at community.openvpn.net) 09:07 < hyper_ch> which points to here http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn.git;a=summary 09:07 <@vpnHelper> Title: SourceForge - openvpn/openvpn.git/summary (at openvpn.git.sourceforge.net) 09:08 < hyper_ch> when browsing the tree you get here http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn.git;a=tree 09:08 <@vpnHelper> Title: SourceForge - openvpn/openvpn.git/tree (at openvpn.git.sourceforge.net) 09:08 < hyper_ch> which has a install-w32 folder 09:08 < hyper_ch> http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn.git;a=tree;f=install-win32;h=9a7d6f35a3825ab736e43ae0df87441269565d0e;hb=HEAD 09:08 <@vpnHelper> Title: SourceForge - openvpn/openvpn.git/tree - install-win32/ (at openvpn.git.sourceforge.net) 09:08 < hyper_ch> it's all there, all you have to do is look for it 09:38 -!- Gravitron [~admin@65.28.68.253] has joined #openvpn 09:38 -!- Gravitron [~admin@65.28.68.253] has quit [Changing host] 09:38 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 09:48 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn 09:48 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 09:49 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 252 seconds] 09:54 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 09:57 < stdudz> Hey all, anyone here have experience setting up and linking multiple servers with subnet 
topology? I'm having a problem with the iroutes. The server link is achieved by having one server, B, act as a client of the other, A. Server A then pushes all the routes to server B, and has all the iroutes also pushed to it. 09:59 < stdudz> Everything works fine, I have scripts to change the routes on server B when a client connects. The big problem is that if the link goes down between the 2 servers and then comes up again, all the subnets attached to server A go down, because the iroute option prioritises the new connections. In this case Server B gets all the iroutes. 09:59 < hyper_ch> that's too complex to me to understand for what you're trying to achieve 10:01 < stdudz> Most of it is background, the problem is that i have duplicate iroutes and the wrong one is being used when the 2nd server link goes down and comes back on, server A assumes all the subnets are on server B 10:02 < hyper_ch> all traffic has always to go through the serve 10:02 < hyper_ch> I mean all client traffic 10:02 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 10:02 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 10:02 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 10:02 -!- mode/#openvpn [+v Axeman] by ChanServ 10:05 < stdudz> Yes, clients can chose either server A or B. I have the client config set so it is random. If both the servers stayed up all the time it would be perfect, but unfortunately its not possible 10:06 < stdudz> One way I was thinking was to disconnect all clients when Server B re-establishes the connection to server A. Is there a way to do this? 10:06 < stdudz> That way the client subnets will reconnect to server A, and they will get their iroute back as they are more recently connected than server B 10:07 < stdudz> The question is really about prioritising iroutes, if anyone has any idea? 
10:10 < stdudz> can give more info if needed 10:15 < hyper_ch> dazo_afk: will you wear a "dazo" name patch at fossdem? 10:19 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 10:31 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 10:41 < stdudz> Still researching this problem with the iroutes. One solution is to force all clients to disconnect when the other server connects. I know the management interface can do this, but the router I have openvpn is running on doesn't have telnet on it. The preferred way would be to have a client-connect script contain commands that do it. Is this possible? Or is there anything else I can do? 10:54 < krzie> using a routing protocol or something? 10:55 -!- Cr4zi3 [killaz@staff.xbins.org] has quit [Read error: Operation timed out] 10:59 -!- Kaizen [~osu@unaffiliated/kyoku] has quit [Read error: Connection reset by peer] 11:00 -!- Brownout [~brownout@wikimedia/brownout] has joined #openvpn 11:01 < stdudz> nicest way for this to work would be if the iroute allowed a metric to be stated with it 11:03 < Brownout> I'm having some issues with an openvpn server (2.1.0), when started I get the error message: "RESOLVE: Cannot parse IP address: 192.168.57.0 Options error: error parsing --server parameters". The server line is "server 192.168.57.0 255.255.255.0". Any ideas? 11:08 <@vpnHelper> RSS Update - forum: User Auth for VPN 11:10 < hyper_ch> theres a udp or tcp missing I think 11:11 < hyper_ch> no, I'm wrong 11:11 < hyper_ch> try a different network like 10.8.0.0 11:14 < Brownout> hm, you're right 11:15 < hyper_ch> I am? 11:15 < hyper_ch> about what? 11:15 < Brownout> about trying a different network 11:15 < Brownout> why wouldn't it like 192.168.57.0/24? 
11:16 < hyper_ch> the ways of OpenVPN are mysterious and known only to a selected few prophets 11:18 < hyper_ch> which is religious-speak for I have no clue 11:23 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 240 seconds] 11:23 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has joined #openvpn 11:35 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 11:37 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 11:39 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds] 11:41 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 11:49 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 260 seconds] 12:01 < ecrist> EugeneKay: I am now. 12:02 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 12:11 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 240 seconds] 12:19 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 12:22 -!- Crumbz [~Crumbz@host-89-242-68-69.as13285.net] has quit [Quit: Leaving] 12:22 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 12:23 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Client Quit] 12:24 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has joined #openvpn 12:26 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 12:28 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 12:29 -!- kitharris [~meow@71.188.116.185] has joined #openvpn 12:41 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn 12:45 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 252 seconds] 12:53 -!- teratoma [~teratoma@i.dont.get.mad.i.get.stabby.net] has quit [Quit: leaving] 12:58 
-!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Ping timeout: 268 seconds]
12:59 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn
12:59 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has joined #openvpn
13:00 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Client Quit]
13:09 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has quit [Ping timeout: 260 seconds]
13:11 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Ping timeout: 255 seconds]
13:16 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn
13:16 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has joined #openvpn
13:16 < nonotza> it seems like port 22 traffic on my vpn client is not being routed through the vpn. how can I fix that?
13:19 < krzie> its not based on port, its based on routing table
13:20 < krzie> if you're connecting to 22 on the vpn server, use the vpn ip
13:21 < nonotza> is this something that I configure in the openvpn client settings?
13:22 < krzie> what machine are you trying to reach through the vpn?
13:22 < krzie> the vpn server, a machine on the vpn server's lan, or a machine on the internet?
13:23 < nonotza> a machine on the internet
13:23 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Ping timeout: 240 seconds]
13:23 < krzie> you need to configure some stuff on the server, what OS is the server?
13:24 < nonotza> centos
13:24 < krzie> and post your configs like this:
13:24 < nonotza> I'm mucking about with the iptables
13:24 < krzie> !configs
13:24 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
13:24 -!- JackWinter [~jack@vodsl-8990.vo.lu] has joined #openvpn
13:24 < krzie> and you will need to do this:
13:24 < krzie> !linnat
13:24 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat
13:24 < nonotza> I'll do that a minute - mind if I explain a little bit more?
13:25 < nonotza> because most of those are done
13:25 < krzie> after you post your configs
13:25 < nonotza> ok
13:28 < nonotza> client: OS X Lion, server: centos, openvpn v2.2
13:28 < nonotza> http://pastebin.com/8URQppzY
13:29 -!- JackWinter2 [~jack@vodsl-8990.vo.lu] has joined #openvpn
13:30 < nonotza> ok - so I have this line in my iptables: iptables -A INPUT -i eth0 -p tcp -s vpn_ip_address --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
13:30 < nonotza> default policy is drop
13:30 -!- JackWinter [~jack@vodsl-8990.vo.lu] has quit [Ping timeout: 252 seconds]
13:31 -!- JackWinter2 [~jack@vodsl-8990.vo.lu] has quit [Read error: Connection reset by peer]
13:31 < nonotza> however it won't accept connection from my vpn ip address
13:31 -!- JackWinter2 [~jack@vodsl-8990.vo.lu] has joined #openvpn
13:31 < nonotza> when I add this line: iptables -I INPUT -p tcp -m tcp -s client_ip_address --dport 22 -j ACCEPT
13:31 < nonotza> I can log into the server via ssh just fine
13:33 < nonotza> if I connect to the vpn and try to connecting via ssh, the "Last login" prompt always shows the client IP address/hostname - even when I'm connected to the VPN
13:33 < rob0> so it would appear that the vpn_ip_address or client_ip_address (are they different? If munging BE CONSISTENT) is not coming in eth0
13:33 < nonotza> they are different
13:34 < nonotza> eth0 is the public nic
13:34 < krzie> vpn ip wont come over eth0
13:34 < krzie> vpn ip comes in over vpn adapter
13:34 < nonotza> tun0?
13:34 < krzie> most likely
13:34 < nonotza> ah ok
13:34 < nonotza> let me make that change
13:35 < krzie> but didnt you say that the machine you want to ssh to is out there on the internet, not the server or machine in servers lan...
13:36 -!- JackWinter3 [~jack@vodsl-8990.vo.lu] has joined #openvpn
13:37 < nonotza> I may have misunderstood - the vpn server and ssh server are the same box
13:37 -!- JackWinter2 [~jack@vodsl-8990.vo.lu] has quit [Ping timeout: 255 seconds]
13:37 < krzie> then you didnt need ip forwarding
13:37 < krzie> just ssh to the vpn ip
13:37 < krzie> 10.8.0.1
13:37 < krzie> anything else is a firewall problem
13:38 < nonotza> still timing out
13:38 < krzie> [15:37] anything else is a firewall problem
13:38 < nonotza> when I ssh into the vpn ip
13:38 < nonotza> here's the curious part though
13:39 < krzie> oh also check that ssh listens on that ip ;]
13:39 < krzie> like *:22 in your netstat -l
13:39 < krzie> -ln rather
13:40 < nonotza> on the server?
13:41 < krzie> yep
13:42 < nonotza> yes I see the foreign IP with port 22.
13:42 < krzie> ahh its the foreign ip?
13:42 < nonotza> oops
13:42 < nonotza> sorry
13:42 < nonotza> that was from the client
13:42 < krzie> not just *:22 ?
13:42 < krzie> heh
13:42 < nonotza> in the server I didn't see anything
13:43 < nonotza> output is different on the server
13:43 < nonotza> I see paths, states, I-node, etc
13:44 < nonotza> is I-node the port?
13:44 < nonotza> ah shit
13:44 < nonotza> sorry didn't read all of the output
13:44 < nonotza> it's listening on port 22
13:44 < krzie> well no shit
13:44 < nonotza> tcp 0 0 :::22 :::* LISTEN
13:44 < krzie> ok, its on *
13:44 < krzie> so ya, when firewall works, you can ssh to 10.8.0.1
13:45 < krzie> until you can, its your firewall
13:45 < nonotza> ok - here's something though
13:45 < nonotza> when I am connected through through the vpn client, the server thinks I'm coming from my normal client IP address - not the vpn ip address
13:46 < nonotza> that sounds like something is wrong with the routing on my client, no?
13:48 < nonotza> krzie?
13:48 < rob0> isn't that ipv6?
13:48 < krzie> cause you're connecting to the normal ip, not the vpn ip
13:48 < krzie> rob0, if hes listening to ipv6 *, hes listening to ipv4 *
13:49 < krzie> ssh doesnt have seperate listen config entries
13:49 < nonotza> ok that makes sense
13:51 <+EugeneKay> !topsecret
13:51 <@vpnHelper> "topsecret" is if your setup is so top secret that you cant post your configs or logs, please leave now and go find support you trust.
13:52 < krzie> he posted the configs
13:52 <+EugeneKay> Not for him :-p
13:52 < krzie> oh =]
13:52 <+EugeneKay> I was stealing the factoid
13:53 < krzie> thief!
13:53 < krzie> !factoids
13:53 <@vpnHelper> "factoids" is A semi-regularly updated dump of factoids database is available at http://www.secure-computing.net/factoids.php
13:53 < rob0> sigh, okay, I know when I'm not wanted
13:53 < krzie> echo "o hai!" > /dev/rob0
13:54 < rob0> but ... but ... my setup is so top secret that I can't post my configs or logs!!
13:54 < nonotza> I posted my config files
13:54 < nonotza> I just obscured the domain name
13:54 < krzie> [15:52] Not for him :-p
13:54 < krzie> [15:52] oh =]
13:54 < krzie> [15:52] I was stealing the factoid
13:54 < nonotza> I'm a little slow today.
13:54 < nonotza> If you couldn't tell.
13:55 < nonotza> *_*
13:56 < nonotza> ok - so I got ssh working now :)
13:56 < nonotza> thanks so much for the help krzie
13:57 < krzie> np
14:00 -!- corretico [~luis@190.211.93.11] has quit [Remote host closed the connection]
14:09 < nonotza> so krzie, I had access to a vpn at one point and i was able to access the server through ssh by using it's domain name - I didn't use the vpn ip address. I imagine after keys are added to the known_hosts, and if I connect to other vpns this way I'll have to remove previous keys from my known_hosts files
14:09 < nonotza> otherwise I'll get a man in the middle attack warning
14:11 < nonotza> I guess that's something to do with my firewall settings
14:13 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn
14:17 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Ping timeout: 245 seconds]
14:17 -!- nonotza_ is now known as nonotza
14:21 < krzie> if its the same vpn ip, obviously
14:21 < krzie> i have many vpn's, no overlapping subnets tho :-p
14:22 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn
14:22 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host]
14:22 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
14:22 -!- mode/#openvpn [+v Axeman] by ChanServ
14:25 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Client Quit]
14:45 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Quit: Leaving]
14:48 -!- stdudz [~stdudz@93-97-250-212.zone5.bethere.co.uk] has quit [Ping timeout: 245 seconds]
14:48 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has joined #openvpn
14:50 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
15:08 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn 15:13 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 15:16 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 15:21 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has joined #openvpn 15:59 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server 16:20 -!- agagag_ [~anton@eudaimonia.goto10.org] has joined #openvpn 16:21 -!- gffa_ [~gffa@unaffiliated/gffa] has joined #openvpn 16:22 -!- gffa [~gffa@unaffiliated/gffa] has quit [Disconnected by services] 16:29 -!- kitharris [~meow@71.188.116.185] has quit [Ping timeout: 276 seconds] 16:38 -!- Netsplit *.net <-> *.split quits: agagag 16:41 -!- kitharris [~meow@71.188.116.185] has joined #openvpn 16:48 -!- zeshooem [~zee@108.162.156.19] has quit [] 16:55 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 252 seconds] 16:56 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 17:24 -!- gffa_ is now known as gffa 17:27 -!- stdudz [~stdudz@cpc3-benw10-2-0-cust179.gate.cable.virginmedia.com] has quit [Ping timeout: 255 seconds] 17:33 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 17:33 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 17:33 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 17:33 -!- mode/#openvpn [+v Axeman] by ChanServ 17:48 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 17:52 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 18:00 <@vpnHelper> RSS Update - forum: Theoretical setup 18:12 <@vpnHelper> RSS Update - forum: Newbee Help Please 18:18 <@vpnHelper> RSS Update - forum: Can´t connect to VPN 18:22 -!- APTX_ is now known as APTX 18:25 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 18:30 -!- Morpheme 
[~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 18:52 -!- corretico [~luis@190.211.93.11] has joined #openvpn 18:56 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 19:03 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 19:08 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 19:08 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 19:08 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 19:08 -!- mode/#openvpn [+v Axeman] by ChanServ 19:14 <+JodaZ> can i disable "TEST ROUTES" ? 19:15 < krzee> whats the real problem 19:19 * Olipro disables krzee in the test icles 19:20 -!- tekzilla [~jon@hmbg-4d06f5da.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:21 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the connection] 19:24 -!- tekzilla [~jon@hmbg-5f7624ab.pool.mediaWays.net] has joined #openvpn 19:47 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Quit: Computer has gone to sleep] 19:56 -!- _julian [~quassel@hmbg-5f77ef31.pool.mediaWays.net] has joined #openvpn 19:57 -!- _julian_ [~quassel@hmbg-5f77d30b.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 20:08 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn 20:08 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host] 20:08 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 20:14 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 20:37 <@vpnHelper> RSS Update - forum: OpenVPN hickups with Remote Printers for MS RDP 20:40 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 20:44 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Ping timeout: 245 seconds] 20:44 -!- nonotza_ is now known as nonotza 20:55 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined 
#openvpn 21:04 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 240 seconds] 21:04 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 21:13 <@vpnHelper> RSS Update - forum: Accessing OpenVPN server from its public IP 21:15 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 21:15 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Read error: Connection reset by peer] 21:15 -!- nonotza_ is now known as nonotza 21:18 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has joined #openvpn 21:19 < mohi666> I've installed OpenVPN on my arch linux 21:19 < mohi666> I can connect to it from my LAN network, but get an error when trying to connect to it from a public IP 21:19 < mohi666> any idea what could be wrong? 21:24 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 21:24 <@vpnHelper> RSS Update - forum: Can't Access Admin Web UI ?? 21:37 <@vpnHelper> RSS Update - forum: Can't Access Admin Web UI ... ?? 
21:43 <@vpnHelper> RSS Update - forum: [SOLVED] Accessing OpenVPN server from its public IP 21:49 <@vpnHelper> RSS Update - forum: Can´t connect to VPN 21:50 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 21:50 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 21:50 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 21:50 -!- mode/#openvpn [+v Axeman] by ChanServ 21:56 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has quit [Quit: Leaving] 21:59 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 252 seconds] 22:02 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 22:06 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 22:07 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 248 seconds] 22:07 -!- nonotza_ is now known as nonotza 22:26 -!- kitharris [~meow@71.188.116.185] has quit [Remote host closed the connection] 22:27 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn 22:31 -!- ColonelPanik [~panik@fiber-64-130-86-196.yucca.net] has joined #openvpn 22:31 < ColonelPanik> Help please, what is NT Domain? 22:32 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 244 seconds] 22:32 <+Axeman> whoa. 22:32 < Autoeth> You mean microsoft Domain ? 22:33 < ColonelPanik> It is asking on the Network connection info. Linux Mint 22:34 < Autoeth> Sorry i never used Linux Mint so i wouldn't know what they want there. 22:34 < Autoeth> but my guess would be to put the domain there the one that you are part of your network 22:35 < Autoeth> but this is openvpn channel maybe a linux mint channel would be better for your question ? 22:36 < ColonelPanik> I am trying to set up openVPN 22:37 < Autoeth> ok yah i am sorry i still wouldn't know i never came across that. 22:38 < Autoeth> Hopefully someone else here can help you. 
Wait a little bit. 22:38 < ColonelPanik> Okay, thanks. 22:40 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 22:43 -!- nonotza_ [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 22:45 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 248 seconds] 22:45 -!- nonotza_ is now known as nonotza 22:53 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Read error: Connection reset by peer] 22:53 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has joined #openvpn 22:57 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 22:57 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn 22:57 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Read error: Connection reset by peer] 22:59 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Ping timeout: 268 seconds] 23:03 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 23:12 < nonotza> I have a site that's located on the same server as a vpn. when the client is connected to the vpn, it can access the site at 10.8.0.1 (private vpn address) but it can't access it through it's domain name 23:12 < nonotza> I added a /etc/hosts entry that maps the domain name to the private ip address but that doesn't seem to do the trick 23:13 < nonotza> is this a firewall issue? any ideas? 23:40 -!- nonotza [~nonotza@50-57-234-249.static.cloud-ips.com] has quit [Read error: Connection reset by peer] 23:41 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 23:41 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Client Quit] 23:48 <@vpnHelper> RSS Update - forum: IGMP --- Day changed Sun Jan 15 2012 00:57 -!- hilarie [~freenode@95.211.150.180] has joined #openvpn 00:58 < hilarie> could anyone point me in the right direction, to put the keys right in the configuration file, like AS does? 
01:08 <+EugeneKay> It's a code change. 01:31 < hilarie> can I just go ca ? 01:32 < hilarie> would it be ca (gibberish) or ca Begin Cert, (gibberish) end cert? 01:47 <+EugeneKay> No, the code required to do that does not exist in the FOSS openvpn. 01:48 < hilarie> AS only thing? 01:48 <+EugeneKay> Correct. 01:49 < hilarie> bleh, I only want 3 connections... I wish they'd let you buy less than 10 01:50 * EugeneKay shrugs 01:50 <+EugeneKay> It's a silly feature, IMO. 01:53 < hilarie> any theories on where the logs might be going on a ubuntu system on the client side, and is there a way to force them into the folder you are running it from? 01:54 < hyper_ch> you mean like the log_file directive or something? 01:54 <+EugeneKay> If you're running it as a service(using the default init scripts), probably syslog. See --log 01:55 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer] 01:55 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 01:55 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Read error: Connection reset by peer] 01:55 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 01:55 < hyper_ch> or rather: log /path/to/logfile 01:56 < hilarie> its not running as an init script, just doing sudo openvpn --config client.ovpn --script-security 2 01:57 < hilarie> hyper_ch add log /this/is/where/i/will/fine/thelogfile.txt? 
01:58 < hyper_ch> yes 01:58 < hilarie> got a fair (cab driver) bbl 01:58 < hyper_ch> and you could also alter verbosity 02:26 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 02:48 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 03:06 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 03:58 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Read error: Connection reset by peer] 04:03 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 04:19 -!- hilarie [~freenode@95.211.150.180] has quit [Quit: hilarie] 04:20 -!- hilarie [~freenode@95.211.150.180] has joined #openvpn 04:22 -!- master_of_master [~master_of@p57B54777.dip.t-dialin.net] has quit [Ping timeout: 276 seconds] 04:24 -!- master_of_master [~master_of@p57B54634.dip.t-dialin.net] has joined #openvpn 04:25 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 04:49 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 05:02 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 05:02 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has quit [Quit: jIRCii - http://www.oldschoolirc.com] 05:35 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 05:39 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer] 05:39 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn 05:42 -!- skynet-2000 [~skynet-20@unaffiliated/skynet2000] has quit [Quit: Leaving] 06:48 <@vpnHelper> RSS Update - forum: OpenVPN client for the iPhone and iPad 07:32 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 260 seconds] 07:48 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 07:52 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Remote host closed the 
connection] 08:18 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Read error: Connection reset by peer] 08:22 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 08:44 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 255 seconds] 08:45 -!- DarthGandalf [~Vetinari@2001:470:25:7cd::20:1] has joined #openvpn 08:45 -!- DarthGandalf [~Vetinari@2001:470:25:7cd::20:1] has quit [Changing host] 08:45 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 09:05 -!- JackWinter3 [~jack@vodsl-8990.vo.lu] has quit [Quit: Konversation terminated!] 09:19 <@vpnHelper> RSS Update - forum: Proper support for duplicate iroutes. 09:31 -!- JackWinter [~jack@vodsl-10245.vo.lu] has joined #openvpn 09:35 -!- newl [~newl@97.75.165.156] has joined #openvpn 09:58 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Quit: Computer has gone to sleep] 10:03 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has joined #openvpn 10:06 -!- pierreghz [~pierreghz@cust-94-126-111-94.dyn.as47377.net] has joined #openvpn 10:13 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Read error: Connection reset by peer] 10:45 -!- resha [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has joined #openvpn 10:46 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/] 10:46 -!- Gravitron [~admin@76.92.159.145] has joined #openvpn 10:46 -!- Gravitron [~admin@76.92.159.145] has quit [Changing host] 10:46 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 10:52 -!- vpopov [~happylife@dyn-58-233.fttbee.kis.ru] has joined #openvpn 10:53 -!- resha [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has quit [Quit: Page closed] 11:01 -!- radioxid [~radioxid@nlr28-1-78-237-60-197.fbx.proxad.net] has quit [Quit: Computer has gone to sleep] 11:01 -!- resha [~rave@184.22.182.246] has joined #openvpn 11:02 < resha> 
guys my isp uses mtu 1266, should I also change my mtu to 1266? 11:05 < krzie> !mtu 11:05 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting 11:05 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 11:05 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 11:06 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 11:06 -!- mode/#openvpn [+v Axeman] by ChanServ 11:13 -!- resha [~rave@184.22.182.246] has quit [] 11:18 -!- vpopov [~happylife@dyn-58-233.fttbee.kis.ru] has quit [Ping timeout: 260 seconds] 11:20 < newl> why does his isp use 1266? 11:22 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 11:30 < Olipro> that's not even on a 4 byte alignment 11:35 -!- resha [~rave@184.22.182.246] has joined #openvpn 11:36 < resha> krzie, i put mtu-test on my client config for testing purposes and its result was (1633,1633) while with speedguide.net, it shows that my isp router is using 1266. what to do here? 11:37 < resha> MTU = 1266 11:37 < resha> MTU is not fully optimized for broadband. Consider increasing your MTU to 1500 for better throughput. If you are using a router, it could be limiting your MTU regardless of Registry settings. 11:37 < resha> What should I do now? 11:41 < newl> what is the number in the ifconfig 11:42 < resha> Im using windows xp newl. What do you mean number in the ifconfig? 11:45 < newl> oh does ipifconfig ? show mtu 11:46 < resha> ipifconfig? 11:52 -!- resha [~rave@184.22.182.246] has quit [] 11:55 -!- tazzmn [~tazz@host-22-163-111-24.midco.net] has joined #openvpn 11:56 < tazzmn> say i got a question. I got mysql and pam_mysql installed. 
Trying to get openvpn to connect to it through the db….it comes back AUTH DENIED in the openvpn log files 12:00 < krzie> change the script to give debug info or something 12:01 < krzie> basically, all openvpn cares about is exit status 12:01 < krzie> if it exits success, login is ok 12:01 < krzie> if it exits fail, AUTH DENIED 12:02 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 12:02 < tazzmn> all i have is the config file for openvpn and mysql under /etc/pam.d 12:05 < krzie> nothing in the database...? 12:05 < krzie> ;] 12:05 < tazzmn> lol sorry left that one out…I got a vpn database 12:05 < krzie> but ya i dunno, i'd try doing what the script does manually and debugging it 12:05 < krzie> its not an openvpn issue, that i can assure you 12:06 < krzie> when using secondary auth, openvpn doesnt care about anything except the exit status of your script 12:06 < tazzmn> so its pam_mysql that probably has the issue 12:06 < krzie> if it did nothing more than exit without error, login would be allowed 12:06 < krzie> i dunno, which is why i would debug 12:07 < krzie> if i could tell you what it is i wouldnt bother debugging ;] 12:08 -!- dioz [~dioz@2001:470:d:e3::1] has joined #openvpn 12:09 < tazzmn> otays i got the debug level up to 6 and watching it 12:09 < krzie> no no 12:09 < krzie> not openvpn debug 12:09 < krzie> [14:00] change the script to give debug info or something 12:09 < krzie> [14:01] basically, all openvpn cares about is exit status 12:09 < krzie> [14:01] if it exits success, login is ok 12:09 < krzie> [14:01] if it exits fail, AUTH DENIED 12:09 < krzie> [14:05] but ya i dunno, i'd try doing what the script does manually and debugging it 12:09 < krzie> [14:05] its not an openvpn issue, that i can assure you 12:09 < krzie> you dont need to debug openvpn, lol 12:10 < tazzmn> debug the script? 
12:11 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has joined #openvpn 12:11 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 12:12 < krzie> ok listen carefully 12:13 < krzie> the script is exiting with failure status 12:13 < krzie> that is ALL openvpn knows or cares about 12:13 < krzie> the problem is not in openvpn, so you cant find the problem by debugging openvpn 12:15 < tazzmn> ok i do understand that 12:16 -!- roentgen [~arthur@openvpn/community/support/roentgen] has joined #openvpn 12:16 < krzie> figure out what the script is doing, see why it doesnt work, fix it ;] 12:16 < krzie> could be your db 12:16 < krzie> could be your pam config 12:16 < tazzmn> i am thinking pam config 12:17 < rob0> You no go making hand party with Miss Pamela! 12:20 < tazzmn> i don't think its db cause this db was one from an old server migrated over 12:24 < krzie> heh, never problems with db migrations, right? ;] 12:24 < tazzmn> usually not…always a possibility 12:26 < krzie> troubleshooting is the systematic elimination of those possibilities 12:26 < krzie> ;] 12:27 < tazzmn> well i enabled the logs for errors and access for mysql and I haven't seen either post anything 12:27 < krzie> logs of what? 12:27 < krzie> heh 12:27 < tazzmn> the access and error logs of mysql 12:28 < krzie> logs of mysql access showed nothing accessing the db? 12:28 < krzie> shouldnt that be a clue...? 12:28 < tazzmn> just now to troubleshoot why pam_mysql isn't working properly 12:29 < krzie> so make a connection to the db with all info you gave pam 12:29 < tazzmn> that does work…already did that 12:29 < krzie> now do it through pam 12:29 < tazzmn> how do i do it through pam? 
12:29 < krzie> dunno, never needed to care about it 12:29 < krzie> try looking at your script 12:33 < tazzmn> ok i think i ran into the issue…tried to pull up the connection by copying and pasting the line into the shell and it came back Segmentation fault 12:37 -!- Tick-Tock [~Tick-Tock@lunari.us] has quit [Remote host closed the connection] 12:39 -!- Tick-Tock [~Tick-Tock@lunari.us] has joined #openvpn 12:48 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 12:48 -!- mode/#openvpn [+o mattock] by ChanServ 13:00 -!- roentgen [~arthur@openvpn/community/support/roentgen] has quit [Quit: Konversation terminated!] 13:03 -!- Tick-Tock [~Tick-Tock@lunari.us] has quit [Remote host closed the connection] 13:05 -!- Tick-Tock [~Tick-Tock@lunari.us] has joined #openvpn 13:08 <@vpnHelper> RSS Update - forum: Multiple VPN (Cisco and openvpn) 1 WAN IP || using tls-auth with multiple clients || Routing to VPN stil not working with Open VPN2.2.2 13:08 -!- ColonelPanik [~panik@fiber-64-130-86-196.yucca.net] has left #openvpn ["Leaving"] 13:14 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server 13:17 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 13:24 -!- newl [~newl@97.75.165.156] has quit [Quit: Lost terminal] 13:25 -!- newl [~newl@97.75.165.156] has joined #openvpn 13:49 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 
13:49 <@vpnHelper> RSS Update - forum: pfsense as client, linux as server 13:50 -!- pierreghz [~pierreghz@cust-94-126-111-94.dyn.as47377.net] has quit [Quit: Quitte] 13:54 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 14:16 -!- sPiN [~sPiN@opensuse/member/jcspin247] has quit [Ping timeout: 255 seconds] 14:16 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 14:18 -!- sPiN [~sPiN@opensuse/member/jcspin247] has joined #openvpn 14:21 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 14:23 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Read error: Connection reset by peer] 14:27 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 14:35 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 14:41 -!- newl [~newl@97.75.165.156] has quit [Quit: leaving] 14:43 -!- tazzmn [~tazz@host-22-163-111-24.midco.net] has quit [Quit: tazzmn] 14:51 <@vpnHelper> RSS Update - forum: pfsense as client, linux as server 15:01 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau] 15:03 <@vpnHelper> RSS Update - forum: Newbee Help Please 15:04 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 15:11 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn 15:20 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 15:23 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Quit: Leaving] 16:03 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 248 seconds] 16:06 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 16:11 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Quit: Leaving] 16:11 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 16:16 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 268 
seconds] 16:19 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 16:24 -!- nonotza_ [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 16:24 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Ping timeout: 244 seconds] 16:24 -!- nonotza_ is now known as nonotza 16:25 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Client Quit] 16:26 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 16:28 <@vpnHelper> RSS Update - forum: Openbsd/openvpn nat/route-to/pf issue 16:28 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Ping timeout: 255 seconds] 16:30 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 16:31 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 16:39 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 17:13 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Read error: No route to host] 17:14 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 17:16 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 17:16 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 17:16 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 17:16 -!- mode/#openvpn [+v Axeman] by ChanServ 17:17 -!- Denial [Denial@drgi.co.uk] has quit [] 17:19 -!- futurestack [~o_o@unaffiliated/futurestack] has quit [Ping timeout: 260 seconds] 17:21 -!- futurestack [~o_o@unaffiliated/futurestack] has joined #openvpn 17:21 -!- caemir [~caemir@unaffiliated/caemir] has quit [Quit: ZNC - http://znc.sourceforge.net] 17:21 -!- caemir [~caemir@78.129.43.30] has joined #openvpn 17:21 -!- caemir [~caemir@78.129.43.30] has quit [Changing host] 17:21 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 17:22 -!- 
oc80z [~oc80z@openvpn/user/oc80z] has quit [Excess Flood] 17:22 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 17:22 -!- oc80z [oc80z@blea.ch] has joined #openvpn 17:34 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:37 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 17:39 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn 17:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 17:40 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Ping timeout: 252 seconds] 17:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 17:40 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Ping timeout: 268 seconds] 17:41 -!- Morpheme [~unknown@gateway/tor-sasl/morpheme] has quit [Quit: too late] 18:04 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 18:06 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has joined #openvpn 18:07 < JoeyJoeJo> I've got a site to site connection set up and my client can ping the network behind the server. However, I can't ping from my server network to my client network. How can I fix that? 18:12 < krzee> can the server ping the client network? 18:13 -!- arooni-mobile [~arooni-mo@200.32.253.72] has joined #openvpn 18:13 < JoeyJoeJo> let me check 18:14 < JoeyJoeJo> No 18:15 < JoeyJoeJo> I can ping the client's tun0, but it doesn't get any further than that 18:15 < krzee> ip forwarding enabled? 18:15 < JoeyJoeJo> In the client or server? 18:17 < krzee> well which one isnt forwarding between its interfaces...? 18:17 < krzee> you said you cant even ping client's eth0 ip, right? 
18:17 -!- corretico [~luis@190.211.93.11] has joined #openvpn 18:24 -!- arooni-mobile__ [~arooni-mo@200.32.253.72] has joined #openvpn 18:24 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 18:24 -!- arooni-mobile__ [~arooni-mo@200.32.253.72] has quit [Read error: Connection reset by peer] 18:25 -!- arooni-mobile__ [~arooni-mo@200.32.253.72] has joined #openvpn 18:26 -!- arooni-mobile [~arooni-mo@200.32.253.72] has quit [Ping timeout: 252 seconds] 18:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 18:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 18:32 -!- resha [7a022e4c@gateway/web/freenode/ip.122.2.46.76] has joined #openvpn 18:33 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 18:33 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 18:33 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 18:33 -!- mode/#openvpn [+v Axeman] by ChanServ 18:33 < resha> Hello there, my ISP is using 1266 mtu and with mtu-test, I get result (1633,1633). What should I do ? what mtu should I follow? 18:34 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau] 18:37 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 18:40 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 18:40 -!- sPiN [~sPiN@opensuse/member/jcspin247] has quit [Remote host closed the connection] 18:40 -!- arooni-mobile__ [~arooni-mo@200.32.253.72] has quit [Ping timeout: 240 seconds] 18:40 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 18:46 -!- resha [7a022e4c@gateway/web/freenode/ip.122.2.46.76] has quit [Quit: Page closed] 18:54 <@vpnHelper> RSS Update - forum: How to Set Admin Web UI port on start up ?? 
19:11 < krzee> every time i try to answer resha hes gone, i hate webchat users 19:18 <@vpnHelper> RSS Update - forum: No Internet Connection on QNAP 19:23 -!- tekzilla [~jon@hmbg-5f7624ab.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 19:24 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn 19:25 -!- tekzilla [~jon@hmbg-4d069783.pool.mediaWays.net] has joined #openvpn 19:26 -!- JustMe [~JustMe@68-118-11-210.static.hlrg.nc.charter.com] has joined #openvpn 19:27 -!- JustMe is now known as Guest5829 19:29 -!- Guest5829 [~JustMe@68-118-11-210.static.hlrg.nc.charter.com] has left #openvpn [] 19:29 <@vpnHelper> RSS Update - forum: OpenVPN in WinCE 19:30 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Quit: Leaving] 19:38 -!- Guest5829 [~JustMe@68-118-11-210.static.hlrg.nc.charter.com] has joined #openvpn 19:39 -!- Guest5829 [~JustMe@68-118-11-210.static.hlrg.nc.charter.com] has quit [Quit: Leaving] 19:53 -!- _julian_ [~quassel@hmbg-4d069556.pool.mediaWays.net] has joined #openvpn 19:54 -!- _julian [~quassel@hmbg-5f77ef31.pool.mediaWays.net] has quit [Read error: Operation timed out] 19:54 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 19:55 -!- Tick-Tock [~Tick-Tock@lunari.us] has quit [Ping timeout: 260 seconds] 19:56 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 19:57 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 19:59 -!- Tick-Tock [~Tick-Tock@lunari.us] has joined #openvpn 20:00 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 20:09 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 20:12 -!- corretico [~luis@190.211.93.11] has joined #openvpn 20:25 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 260 seconds] 20:32 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 20:32 -!- Rolybrau 
[~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 20:32 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 20:35 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 20:41 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 252 seconds] 20:45 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn 20:54 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 21:04 -!- MeanderingCode_ [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Read error: Connection reset by peer] 21:15 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 21:15 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 21:15 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 21:15 -!- mode/#openvpn [+v Axeman] by ChanServ 21:20 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 21:29 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 21:35 <@vpnHelper> RSS Update - forum: IPTABLES secure Internet tunnel 21:39 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 22:03 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 22:03 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 22:03 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 22:03 -!- mode/#openvpn [+v Axeman] by ChanServ 22:23 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 22:40 -!- X0Rc0re [~chatzilla@58-7-182-114.dyn.iinet.net.au] has joined #openvpn 22:47 <@vpnHelper> RSS Update - forum: Broadcasts using tun 23:19 -!- JoeK [~Joseph@ip-66-228-36-238.makaiwell.com] has quit [Quit: ZNC - http://znc.in] 23:19 -!- JoeK [~Joseph@node1-eros.hostftw.com] has joined #openvpn 23:23 <@vpnHelper> RSS Update - 
forum: redirect traffic to tunnel of one out of 2 network adapter 23:26 -!- JackWinter2 [~jack@vodsl-9465.vo.lu] has joined #openvpn 23:28 -!- JackWinter [~jack@vodsl-10245.vo.lu] has quit [Ping timeout: 252 seconds] 23:28 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:34 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Quit: Sorry Gotta Run!] 23:51 <@vpnHelper> RSS Update - forum: Want to establish VPN in a Organization Pease Help --- Day changed Mon Jan 16 2012 00:05 -!- X0Rc0re [~chatzilla@58-7-182-114.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 00:13 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 00:22 -!- diffen3 [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 00:23 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 00:27 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Ping timeout: 260 seconds] 00:44 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 00:55 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 00:59 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 01:11 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 01:11 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 01:22 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 01:27 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter 01:29 -!- Diffen [~diffen@210.152.241.83.in-addr.dgcsystems.net] has joined #openvpn 01:33 <@vpnHelper> RSS Update - forum: Broadcasts using tun 01:39 <@vpnHelper> RSS Update - forum: No Internet Connection on QNAP 01:47 -!- JackWinter2 [~jack@vodsl-9465.vo.lu] has quit [Ping timeout: 260 seconds] 01:52 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 
01:56 -!- X0Rc0re [~chatzilla@124-169-46-85.dyn.iinet.net.au] has joined #openvpn
02:14 -!- Diffen [~diffen@210.152.241.83.in-addr.dgcsystems.net] has quit [Quit: This computer has gone to sleep]
02:14 -!- JackWinter2 [~jack@ppp-289.vo.lu] has joined #openvpn
02:20 -!- dazo_afk is now known as dazo
02:21 <@vpnHelper> RSS Update - forum: one Public IP => multiple VLANs (one per department)
02:23 -!- JackWinter2 [~jack@ppp-289.vo.lu] has quit [Ping timeout: 240 seconds]
02:38 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
02:39 <@vpnHelper> RSS Update - forum: openvpn Management HELP
02:43 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds]
02:45 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
02:45 <@vpnHelper> RSS Update - forum: No Internet Connection on QNAP
02:46 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn
02:48 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
03:03 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
03:10 -!- X0Rc0re [~chatzilla@124-169-46-85.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
03:18 <@vpnHelper> RSS Update - forum: Bridge client gets gateway from DHCP despite server-bridge || No Internet Connection on QNAP
03:32 -!- catsup [~d@ps38852.dreamhost.com] has quit [Remote host closed the connection]
03:32 -!- catsup [~d@ps38852.dreamhost.com] has joined #openvpn
03:32 -!- catsup [~d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer]
03:34 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Read error: Connection reset by peer]
03:34 -!- JackWinter2 [~jack@ppp-289.vo.lu] has joined #openvpn
03:42 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
03:44 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn
03:44 -!- ScriptFanix
[vincent@Hanaman.riquer.fr] has joined #openvpn
03:45 -!- JackWinter2 [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
03:45 -!- JackWinter3 [~jack@ppp-289.vo.lu] has joined #openvpn
03:49 <@vpnHelper> RSS Update - forum: Porting OpenVpn Client only
03:52 -!- JackWinter4 [~jack@ppp-289.vo.lu] has joined #openvpn
03:52 -!- JackWinter3 [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
03:56 -!- JackWinter4 [~jack@ppp-289.vo.lu] has quit [Read error: Connection reset by peer]
03:56 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
04:03 -!- johnny_be_yell-1 [~Joe@96.26.97.237] has joined #openvpn
04:04 -!- Dougy_ [me@tech.qsi.net] has joined #openvpn
04:04 -!- openbsdnoob_ [~openbsdno@88.79.221.61] has joined #openvpn
04:06 -!- wedge_ [lordsilenc@bigfoot.xh.se] has joined #openvpn
04:06 -!- kofi [~matsim@dilatino.soleus.nu] has joined #openvpn
04:07 -!- cyberspace_ [20253@ninthfloor.org] has joined #openvpn
04:07 -!- gffa_ [~gffa@unaffiliated/gffa] has joined #openvpn
04:07 -!- reiffert_ [~thomas@mail.reifferscheid.org] has joined #openvpn
04:07 -!- Netsplit *.net <-> *.split quits: pa, reiffert, EvilJStoker, Champi, Azrael808, johnny_be_yellow, Olipro, gffa, wedge, GHAI_, (+5 more, use /NETSPLIT to show all of them)
04:07 -!- openbsdnoob_ is now known as openbsdnoob
04:08 -!- Netsplit over, joins: Azrael808
04:08 -!- |Mike| [mike@vps-2a01-4f8-101-1c1-b23f-f6e5.twenty-five.nl] has joined #openvpn
04:08 -!- GHAI [~joti@cthulhu-isp.net] has joined #openvpn
04:09 -!- Champi [Champi@rootshell.fr] has joined #openvpn
04:10 -!- Olipro [~Olipro@uncyclopedia/pdpc.21for7.olipro] has joined #openvpn
04:10 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
04:10 -!- JackWinter2 [~jack@ppp-289.vo.lu] has joined #openvpn
04:11 -!- EvilJStoker [jstoker@unaffiliated/jstoker] has joined #openvpn
04:13 < hilarie> What went wrong here, http://paste.ubuntu.com/806029/ is http://forums.openvpn.net/topic7731.html shenanigans or am I messing it up?
04:13 <@vpnHelper> Title: OpenVPN Support Forum Create ovpn client file : Server Administration (at forums.openvpn.net)
04:19 -!- pa [~pa@unaffiliated/pa] has joined #openvpn
04:22 -!- master_of_master [~master_of@p57B54634.dip.t-dialin.net] has quit [Ping timeout: 252 seconds]
04:24 -!- master_of_master [~master_of@p57B52E94.dip.t-dialin.net] has joined #openvpn
04:25 < hilarie> http://openvpn.net/index.php/open-source/documentation/change-log/71-21-change-log.html it looks like it should be working
04:25 <@vpnHelper> Title: 2.1 Change Log (at openvpn.net)
04:25 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds]
04:25 -!- Tixos [~sg@95.140.125.10] has joined #openvpn
04:27 < Tixos> hi
04:27 < Tixos> what is the OpenVPN Watchdog alternative for linux?
04:27 < Tixos> Basically it does this > How to Stop Your Real IP Being Exposed After OpenVPN Disconnection
04:34 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn
04:41 <@vpnHelper> RSS Update - forum: Can´t connect to VPN
04:45 -!- Tixos [~sg@95.140.125.10] has quit [Ping timeout: 248 seconds]
04:47 <@vpnHelper> RSS Update - forum: ip pool range help
04:48 -!- Denial [~Denial@drgi.co.uk] has joined #openvpn
04:49 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds]
04:49 -!- zu_ [~zu@ks387228.kimsufi.com] has quit [Ping timeout: 252 seconds]
04:54 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn
04:55 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn
04:55 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host]
04:55 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn
04:58 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
04:58 <@vpnHelper> RSS Update - forum: Can´t connect to VPN
05:00 -!- Tixos [~sg@host109-152-210-250.range109-152.btcentralplus.com] has joined #openvpn
05:06 -!- corretico [~luis@190.211.93.11] has joined #openvpn
05:07 -!- Tixos [~sg@host109-152-210-250.range109-152.btcentralplus.com] has quit [Quit: Leaving.]
05:11 -!- Tixos [~sg@192.162.102.116] has joined #openvpn
05:13 -!- mocas_ [~mocas@87.196.249.210] has joined #openvpn
05:17 -!- mocas__ [~mocas@87-196-242-85.net.novis.pt] has quit [Ping timeout: 252 seconds]
05:18 < Tixos> Can someone please tell me how to prevent IP leaking on linux??
05:30 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
05:35 < hyper_ch> what's IP leaking?
05:38 < hyper_ch> Tixos:
05:39 < Tixos> when the VPN connection drops
05:39 < Tixos> and im left sitting on my real IP making requests anywhere and everywhere
05:39 < Tixos> windows solution > http://openvpnchecker.com/
05:39 <@vpnHelper> Title: OpenVPNChecker.com - OpenVPN IP Leak and DNS Leak Preventer > Home (at openvpnchecker.com)
05:41 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has quit [Ping timeout: 240 seconds]
05:43 < Tixos> hyper_ch:
05:52 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
05:56 <@dazo> Tixos: you need to setup a simple firewall route, only allowing OpenVPN traffic out on your main interface
05:56 < hyper_ch> dazo: you were quicker :)
05:56 <@dazo> :)
05:56 < Tixos> but then i cant connect off my real IP when i wish to
05:56 < hyper_ch> dazo: still going to FossDem?
05:56 < Tixos> right?
05:57 <@dazo> hyper_ch: I'm going
05:57 <@dazo> Tixos: that's when you remove this rule
05:57 < hyper_ch> Tixos: sure you can... just make another command upon disconnecting that removes that rule
05:57 < Tixos> so a few scripts are needed, which i am useless at :)
05:57 < Tixos> there is seriously no scripts already existing that you know of? or linux apps for it?
05:57 < hyper_ch> !updown
05:58 < hyper_ch> Tixos: how do you connect openvpn?
05:58 < Tixos> have either of you done this before? would you be able to share?
05:58 < Tixos> i use the gnome plugin for network manager
05:59 < hyper_ch> Tixos: any reason why you don't run it from the shell?
05:59 < hyper_ch> it would be a simple shell script
06:00 <@dazo> with the network-manager-openvpn-plugin ... you're left in blackhole ... that's an annoyingly piece of shit ... as it kills openvpn (or any VPNs) if the main device loses the connection
06:00 < Tixos> wouldnt know where to start tbh
06:00 <@dazo> if you run openvpn from a shell, openvpn will run and try to reconnect automatically
06:00 <@dazo> thus - no IP leak
06:01 < Tixos> how can i tell if there IS an ip leak?
06:01 < Tixos> is that even possible
06:01 < hyper_ch> Tixos: what distro?
06:01 < Tixos> ubuntu
06:01 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn
06:01 <@dazo> but network-manager will rewrite /etc/resolv.conf ... so you might get some nasty surprises there on re-connects with vpn
06:01 < hyper_ch> Tixos: ls -al /etc/openvpn --> please pastebin output
06:01 < Tixos> i change my config files a lot also, so this would involve re-writing scripts etc? i dont know
06:02 < hyper_ch> Tixos: all you'd need is to have the client.conf file in /etc/openvpn/
06:02 < hyper_ch> according with the keys and ca stuff
06:02 < hyper_ch> and then you could just run: sudo /etc/init.d/openvpn start
06:02 < Tixos> -rwxr-xr-x 1 root root 1357 2011-07-04 14:10 update-resolv-conf
06:02 -!- X0Rc0re [~chatzilla@124-169-46-85.dyn.iinet.net.au] has joined #openvpn
06:02 < hyper_ch> or sudo /etc/init.d/openvpn stop
06:05 -!- cpm [~Chip@pool-74-98-18-217.altnpa.east.verizon.net] has joined #openvpn
06:05 -!- cpm [~Chip@pool-74-98-18-217.altnpa.east.verizon.net] has quit [Changing host]
06:05 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn
06:05 < Tixos> so i need to run openvpn from shell
06:05 < Tixos> and write scripts to add and remove rules from firewalls
06:05 < Tixos> seems painful to me, and im no coder
06:06 < hyper_ch> the shell is your friend
06:06 < Tixos> ive read iptable and openvpn client manuals before, there is a reason i went with the GUI
06:07 < hyper_ch> still, the shell is your friend
06:07 < hyper_ch> and openvpn isn't really hard to setup
06:08 < Tixos> and this helps with my original question ?
06:08 < Olipro> if you want a nice tard-friendly GUI, get coding
06:09 < Olipro> the answer to your question is that what you want doesn't exist
06:09 < Tixos> wow i got my answer :)
06:09 <@dazo> Tixos: you might solve your leak issue, just by running openvpn from a shell ...
and not trust network-manager to control VPNs
06:09 < Olipro> primarily because the majority of people who use OpenVPN consider using a CLI and editing configuration files to be trivial
06:10 < Tixos> dazo, what if its the server dropping and nothing to do with my local setup
06:10 < Tixos> only method is using firewall?
06:10 < Tixos> Olipro: im not talking about editing configs, im talking about writing scripts to enable disable firewall rules and such, this isnt trivial to me
06:10 < Tixos> sorry to disappoint you
06:11 < Olipro> you want to manipulate iptables?
06:11 < Olipro> well that /would/ call for a rudimentary script
06:11 <@dazo> Tixos: if your openvpn clients loses the connection while running, you can tell it to try to reconnect indefinitely .... thus you not causing any routes to change
06:12 < Olipro> however, there *are* GUIs that will let you create iptables rules, you could do so and copy paste into a script file
06:12 < Tixos> ok
06:12 <@dazo> and in the moment you kill off your openvpn client, those VPN routes goes away
06:12 < Olipro> but instead, I'd suggest just reading the iptables manpage, it's really not that hard
06:12 < Tixos> ill look into it and come back
06:13 < hyper_ch> dazo: the simplest way seems to be redirect def1 and set the client to infinite connection retry
06:14 <@dazo> hyper_ch: ack!
06:14 <@dazo> Tixos: ^^
06:14 < hyper_ch> Olipro: reading is hard :)
06:14 < Tixos> i will get it running through shell firstly before worrying about that part
06:14 < Tixos> and dont start saying im unwilling to read, you do not know me :)
06:15 < Tixos> time is always my enemy
06:15 <@dazo> well, then you need to make time to read ;-)
06:15 < Tixos> if anyone could 'make' time, they would be rich as hell
06:16 < Tixos> i dont have those super powers :)
06:16 <@dazo> in this world ...
make time == prioritise differently
06:16 < Tixos> its not top of my list
06:16 < hyper_ch> there's a mktime() php command
06:16 < Tixos> it seems
06:16 < hyper_ch> and we all know that mk is short for "make"
06:17 < Tixos> i hate when people say 'if you dont like it, code yourself a GUI', well yea if i had a spare 2 months i would probably do that, but amazingly i dont.
06:17 < Tixos> ill let you know when i fail :)
06:17 <@vpnHelper> RSS Update - forum: Anonyproz OpenVPN Service Provider || Free providers?
06:17 <@dazo> Tixos: in my world that means, it's not annoying you enough ;-)
06:17 < rob0> but that's how it is. You can't expect someone else to scratch your itch.
06:18 < Tixos> i know thats how it is, i am not complaining
06:18 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has joined #openvpn
06:18 < hyper_ch> someone will code it when they're annoyed enough :)
06:18 < Tixos> and comes an RSS feed from a windows dev who had the time to create what i need :)
06:19 < hyper_ch> Tixos: you also run the vpn server?
06:19 < Tixos> no
06:19 < rob0> Windows is more oriented toward people like you. So's Mac OS X, probably a much better choice.
06:19 < Tixos> ive spoke with the provider 'no related issues' his end
06:19 < hyper_ch> rob0: I was like him once :)
06:20 < Tixos> rob0: cut the shit
06:20 < Tixos> you dont know me :)
06:20 < rob0> sure I do
06:20 < hyper_ch> Tixos: does the openvpn server push redirect def1?
06:20 < Tixos> thanks for the help dazo, hyper_ch
06:20 < Tixos> your arrogance means i know you also then :)
06:20 < rob0> heh, you are not as smart as you might think
06:21 < Tixos> ditto
06:22 < hyper_ch> Tixos: you'll need a client.conf file in /etc/openvpn that looks somewhat like this: http://pastebin.com/pGGAfws9
06:22 < hyper_ch> but whether routes are being set and which port and server and stuff...
you'll need to figure out on your own
06:22 <@vpnHelper> RSS Update - forum: OpenVPN Site to Site Connection Using DD-WRT Capable Routers
06:23 < Tixos> using --config *.ovpn isnt good practice?
06:24 < hyper_ch> Tixos: the ubuntu init script runs all .conf files in /etc/openvpn
06:24 < hyper_ch> and as it is a client, I prefer to name it client.conf
06:24 < Tixos> .conf being the same as .ovpn? im looking for linux-based documentation on the official site, and not finding much atm
06:24 < Tixos> ill get there, ill come back if i need help, ty
06:25 < hyper_ch> but if you want to run it manually and not at boot up, then you'd use another file extension... like ovpn and manually call it with that config
06:25 < hyper_ch> and if I type something and dazo types something else, better listen to Mr. Dazo
06:26 < Tixos> i dont want it to start at boot
06:26 < Tixos> /etc/openvpn scripts are?
06:27 < Tixos> im just going to be asking question after questions like this, i need to get some background first
06:27 < hyper_ch> Tixos: just re-read what I wrote
06:27 < Tixos> i read it
06:27 < Tixos> yes i can do that
06:27 < Tixos> want to read that in the manual though :)
06:28 < hyper_ch> !howto
06:28 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
06:28 < Tixos> mostly server documentation isnt it
06:28 < hyper_ch> have a read and you'll see
06:29 < Tixos> maybe i can run with this switch
06:29 < Tixos> --connect-retry-max
06:30 < Tixos> although no idea if that will run if it drops :)
06:30 < hyper_ch> or you put it into the config and just run that config
06:35 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
06:36 < Tixos> with this switch (that is already in my providers config) resolv-retry infinite
06:36 < Tixos> my real IP should never be used to connect through right?
06:36 < Tixos> so we are purely blaming this on networking manager plugin ?
06:37 < hyper_ch> I have no clue how the network manager works
06:37 < Tixos> well, im only looking into this, because yesterday it dropped 4 times
06:38 < hyper_ch> but if it's in there, as long as the vpn runs, it should remove the routes
06:38 < hyper_ch> if it did add routes
06:38 < Tixos> running via shell
06:38 < Tixos> how can i visually monitor the connection ?
06:38 < hyper_ch> wireshark
06:38 < Tixos> erm
06:38 < Tixos> any logs etc i can generate to check if im connected
06:39 < hyper_ch> ifconfig
06:39 < hyper_ch> if it lists tun0 you are connected
06:39 < hyper_ch> also run route
06:39 < hyper_ch> to see where you're being routed through
06:40 < Tixos> ok thanks
06:40 < Tixos> ;log     /tmp/openvpn_udp.log
06:40 < Tixos> and that will show of any drops etc?
06:40 < hyper_ch> enable it and see :)
06:40 < hyper_ch> you could also use more/less verbosity
06:41 < Tixos> well, i cant 'make ' a drop can i? :P
06:41 < Tixos> my providers config has 'verb 3' but no logfile
06:41 < Tixos> pointless? or is that for their end?
06:42 < hyper_ch> verbosity without logfile is useless
06:42 < hyper_ch> IMHO
06:42 < Tixos> lol
06:42 < hyper_ch> verb 5 should be fine for debugging
06:42 < Tixos> right
06:43 < Tixos> this switch will be useless if i link with changing firewall rules?
06:43 < Tixos> --client-disconnect cmd : Run script cmd on client disconnection
06:43 < Tixos> useful*
06:43 < hyper_ch> you probably don't need it
06:43 < hyper_ch> when you try to resolv-retry infinite
06:45 < Tixos> i cant see how the connection can fail, if this setting is already in my config
06:45 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled
06:45 < hyper_ch> the ways of the network manager are unknownst to us, mere mortal beings
06:46 < Tixos> ok ill jack it in then
06:47 < Tixos> this is my current config
06:48 < Tixos> http://pastebin.com/jCvUTH6Y
06:48 < Olipro> so um, does Network Manager bring up your OpenVPN connection?
06:52 <@vpnHelper> RSS Update - forum: no access to server || No local connection anymore when OpenVPN bridged enabled
06:55 -!- fluter [~fluter@fedora/fluter] has joined #openvpn
06:55 < Tixos> yes it does
06:56 < Tixos> never had issues with it, until yesterday
06:56 < Olipro> are you using WiFi?
06:56 < Tixos> nope
06:56 < Tixos> can post be an issue? TCP 1194 or w.e vs UDP 443?
06:57 < Tixos> port8
06:57 < Olipro> well nonetheless, trusting Network Manager not to tear down your OpenVPN connection is a real headache
06:57 < Olipro> I'd suggest not using it, or if you insist, go to the Gnome guys to find out why it's being torn down
06:57 < Tixos> i changed server and it hasnt happened yet today, i will try doing it via term
06:58 -!- Tixos [~sg@192.162.102.116] has quit [Quit: Leaving.]
06:59 -!- fluter [~fluter@fedora/fluter] has quit [Client Quit]
06:59 -!- fluter [~fluter@fedora/fluter] has joined #openvpn
07:00 -!- fluter [~fluter@fedora/fluter] has quit [Max SendQ exceeded]
07:01 -!- fluter [~fluter@fedora/fluter] has joined #openvpn
07:02 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled
07:03 <@dazo> hehe ... or should we say "whoops!" ....
http://ddanchev.blogspot.com/2012/01/whos-behind-koobface-botnet-osint.html (hyper_ch)
07:03 <@vpnHelper> Title: Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Who's Behind the Koobface Botnet? - An OSINT Analysis (at ddanchev.blogspot.com)
07:06 -!- Tixos [~sg@192.162.102.116] has joined #openvpn
07:06 < Tixos> isnt port 1194 TCP?
07:07 < Tixos> and 443 UDP? :S
07:07 < Tixos> as i am getting this error and it says its related to latency
07:07 < Tixos> Mon Jan 16 13:04:42 2012 Replay-window backtrack occurred [1]
07:07 <@dazo> Tixos: read up about --replay-window in the man page
07:07 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Ping timeout: 244 seconds]
07:08 <@dazo> Tixos: 1194/udp is the default OpenVPN setup (if port/proto is not configured)
07:09 <@dazo> and port numbers and protocol isn't connected at all .... in fact you can have apache listen to 443/tcp and openvpn listen to 443/udp
07:10 < Tixos> i cant see --replay-windows using '/pattern replay' not sure if im using that right
07:11 <@dazo> Tixos: just type: /replay-window
07:11 < Tixos> ahhh lol
07:12 < Tixos> ok great, so after running for a week, if max is 2 i can set --replay-window=2
07:12 < Tixos> although, if its only 2 probably no need to touch this
07:12 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled
07:13 < Tixos> and hyper_ch, thats the reason for 'verb' in config without logfile, just to view in shell i guess :)
07:14 < Tixos> should i try to sort out all 'warnings'? ie use this switch 'WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this'
07:15 < Tixos> 'WARNING: No server certificate verification method has been enabled.'
07:15 < Tixos> there are about 5-6
07:15 <@dazo> Tixos: solving as many of those warnings as possible is a good thing
07:16 <@dazo> if you're not worried about that your VPN password is in memory while openvpn runs, you don't need to worry about auth-nocache
07:16 < Tixos> i am using user-pass auth only, i guess not much can be done about the first one
07:16 <@dazo> (auth-nocache will require OpenVPN to ask for username/password again if it needs to re-connect to the server)
07:16 < Tixos> rather the second
07:16 < Tixos> server certificate verification
07:16 <@dazo> that's a good one to fix
07:17 < hyper_ch> dazo: from windows I'm used to just press "next" upon warnings and not bother about them :)
07:17 <@vpnHelper> RSS Update - forum: Openbsd/openvpn nat/route-to/pf issue
07:17 < Tixos> i have a .crt from the provider
07:17 <@dazo> hyper_ch: *speechless* ;-)
07:17 < Tixos> guess its not being used for some reason?
07:18 <@dazo> Tixos: that's used, for sure ... but you might need to look at --tls-remote
07:18 < Tixos> o right
07:19 < Tixos> so just
07:19 < Tixos> tls-remote ca.crt
07:19 < Tixos> ill play around
07:20 < Tixos> if i am running with 'openvpn --config' what is the correct way to terminate the connection
07:20 -!- gffa_ is now known as gffa
07:21 < hyper_ch> sudo killall openvpn
07:21 < hyper_ch> that's one way :)
07:21 <@dazo> Tixos: if you have --daemon in your config, you'll need to use the 'kill' command with the proper process ID of your openvpn instance .... but if it's running in the foreground, just do CTRL-C
07:21 < Tixos> i can just cntl+c, but it doesnt feel right
07:21 <@dazo> CTRL-C is proper
07:21 < Tixos> righty
07:21 < Tixos> hmm, 'route' is totally different each time? or should it be the same :)
07:21 < hyper_ch> dazo: whats wrong with killall?
07:22 < hyper_ch> everyone in us has a little mass murderer :)
07:22 <@dazo> hyper_ch: I try to hide that need :-P
07:22 < Tixos> hyper_ch: 'route' output is totally different now compared to using network manager
07:22 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled || Bridge client gets gateway from DHCP despite server-bridge
07:22 <@dazo> (and if you're running more openvpn tunnels in parallel .... killall is kind of bruteforce)
07:23 < hyper_ch> Tixos: let me fetch my magic crystal ball and divine what your "route" output looks like
07:23 < hyper_ch> dazo: well, usually I use sudo /etc/init.d/openvpn start|stop|restart
07:24 <@dazo> hyper_ch: I think I used your magic crystal ball as a bowling ball ... it might not be in the same perfect shape as earlier ....
07:24 < Tixos> hmm
07:24 < Tixos> i asked
07:24 < Tixos> if it should be the same every time its run
07:24 * hyper_ch gets his lightning enchanted rod and points it at dazo
07:24 < hyper_ch> *zzzaaapppp*
07:25 * dazo pops up shield
07:26 < hyper_ch> Tixos: before we know what your routes look like, we can't say for sure
07:27 -!- resha [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has joined #openvpn
07:27 < resha> how to fix TLS Error: Unroutable control packet received from x.x.x.x
07:28 < hyper_ch> so, time to update Diaspora
07:28 < Olipro> wait for the other end to realise the connection dropped, or tear down the connection and bring it back up manually
07:28 < Olipro> you can minimise that error for disconnects by using keepalive
07:28 -!- dollabill [~mike@199.44.8.98] has joined #openvpn
07:29 < resha> Olipro, is that answer for my question?
07:29 < Olipro> yes
07:29 < hyper_ch> resha: you have to use TLS?
07:30 < resha> thanks olipro. is this right keepalive 5 120? is that enough?
07:30 < resha> Hyper_ch - yes I use TLS
07:30 < Olipro> that will send a ping every 5 seconds
07:31 < Olipro> if no response is received for 120 seconds, it kills the connection
07:31 < resha> tls-auth /etc/openvpn/keys/ta.key 0
07:31 < Olipro> so the question really is... would you consider 120 seconds a bit of an excessive timeout
07:31 < resha> but I dont think it killed the connection after 120 seconds I guess its around 30 seconds
07:32 < resha> :)
07:33 <@dazo> hyper_ch: I've come quite a good step forward setting up the Diaspora server myself now ... just need to get nginx up'n'running properly and some firewalling stuff
07:33 < hyper_ch> nginx?
07:33 < hyper_ch> isn't that way too complicated :)
07:33 < resha> Hyper_ch - what is the use TLS towards resolving that TLS error?
07:34 < hyper_ch> resha: I don't use tls on openvpn
07:34 < resha> why?
07:34 < hyper_ch> why should I use it?
07:35 < resha> because its a security option?
07:35 < hyper_ch> it is?
07:35 < hyper_ch> how so?
07:35 < resha> :) on manual?
07:36 < hyper_ch> but how does it make it more secure?
07:37 < resha> protect against DoS attacks
07:37 < hyper_ch> how would TLS protect against DoS?
07:38 < resha> I dont know much about it. It is what is written on the manual that I read :)
07:38 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Remote host closed the connection]
07:39 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn
07:40 < resha> Can you tell me now why you dont use tls on openvpn? :)
07:40 < hyper_ch> resha: I don't see why I should and you haven't given me any reason yet as to why I should
07:41 < resha> Hyper_ch, I dont know much about this thing aside from following what I read. Maybe your enlightenment will clarify me on this too.
07:42 < hyper_ch> resha: I don't see how tls will help when I use certs
07:42 <@dazo> resha: TLS doesn't protect against DoS ...
but if you read about --tls-auth, you'll see how OpenVPN in UDP mode can avoid DoS more efficiently, by adding an extra layer of control
07:42 <@dazo> hyper_ch: nginx isn't so bad to configure, from what I read .... and I'm keen on getting to know nginx as well :)
07:42 <@vpnHelper> RSS Update - forum: no access to server || No local connection anymore when OpenVPN bridged enabled
07:42 < resha> This what I read: Add an additional layer of HMAC authentication on top of the TLS control channel to protect against DoS attacks. In a nutshell, --tls-auth enables a kind of "HMAC firewall" on OpenVPN's TCP/UDP port, where TLS control channel packets bearing an incorrect HMAC signature can be dropped immediately without response.
07:42 * dazo might even put varnish in front of nginx as well
07:43 < rob0> The way it works: you read through the howto and manual, then decide what you need. One size fors not fit all.
07:43 < rob0> err wow, typo day
07:43 < hyper_ch> dazo: well, same here... I'm pondering about creating an ISO for a 4GB SD card raspberry pi that has FS, FusionPBX, sqlite and nginx
07:43 < rob0> *does
07:43 < hyper_ch> what's varnish?
07:43 -!- X0Rc0re [~chatzilla@124-169-46-85.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
07:44 -!- resha [b816b6f6@gateway/web/freenode/ip.184.22.182.246] has quit [Quit: Page closed]
07:44 <@dazo> hyper_ch: it's a web cache ... however, I just realised that's really dumb ... as diaspora is https :/
07:44 < hyper_ch> ah :)
07:44 <@dazo> (varnish doesn't support https)
07:44 < hyper_ch> what about squid?
07:44 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 276 seconds]
07:44 <@dazo> it's an awesome web cache, with an amazing flexible config scheme
07:45 <@dazo> squid isn't so suitable as a reverse proxy, and way too slow compared to varnish
07:45 < ecrist> dazo: you just need a suitable ssl accelerator
07:45 <@dazo> yeah
07:45 <@dazo> hyper_ch: https://www.varnish-cache.org/
07:45 <@vpnHelper> Title: Front page | Varnish Community (at www.varnish-cache.org)
07:45 < hyper_ch> dazo: you need to install ecrist on the machine to do ssl acceleration
07:45 <@dazo> hehehe
07:45 <@dazo> hyper_ch: I'd probably rather not ... I'm afraid he'll be too grumpy!
07:46 < hyper_ch> is varnish also a proxy server?
07:47 <+havoc> squid is like apache; wicked huge/many functions/applications
07:47 <@dazo> hyper_ch: it's a caching proxy server, to be more exact
07:47 < hyper_ch> dazo: maybe I should have a look at it
07:47 -!- NoReGreT [~regret@unaffiliated/noregret] has joined #openvpn
07:48 < hyper_ch> dazo: when you get D* give me your userid
07:48 < hyper_ch> s/give/up, give/
07:48 <@dazo> hyper_ch: highly recommended! The config will amaze you ;-)
07:48 <@dazo> hyper_ch: when I've solved nginx + firewall ;-)
07:48 < hyper_ch> squid has an annoyingly commented config
07:48 < NoReGreT> I'm new to openvpn, I have an account with a provider and I got the .key, .crt files.. how would I connect? should I link those in the config file ?
07:49 < hyper_ch> NoReGreT: yes
07:49 < hyper_ch> NoReGreT: issue: !welcome in this channel
07:49 < NoReGreT> !welcome
07:49 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server.
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
07:49 <@dazo> hyper_ch: customers (using the commercial version) of varnish: https://www.varnish-software.com/references
07:49 <@vpnHelper> Title: Customer References | Varnish Software (at www.varnish-software.com)
07:50 < NoReGreT> !howto
07:50 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
07:50 < hyper_ch> facebook uses varnish?
07:50 <@dazo> yeah
07:51 <@dazo> NoReGreT: if you got cert/keys from a provider ... that provider should most likely provide you with a config as well
07:51 < hyper_ch> dazo: but what about the evilness of Facebook, won't it taint varnish and it'll become evil itself?
07:51 <@dazo> hyper_ch: don't shoot the messenger ;-)
07:51 < rob0> BANG
07:51 < hyper_ch> you make it sound like it's a bad thing
07:52 <+havoc> facebook is also an ideal proving ground for infrastructure tech
07:52 <@dazo> hyper_ch: messenger == varnish ;-)
07:52 <@dazo> ack
07:52 <+havoc> at least in this instance
07:52 <@dazo> +1
07:52 < hyper_ch> who has more servers? google or facebook?
07:52 <+havoc> google, easily
07:53 < hyper_ch> you sure?
07:53 <+havoc> I can't imagine facebook ever making enough money ever to buy as much gear as google has
07:53 <+havoc> but no, not sure
07:53 < Olipro> Google.
07:53 <+havoc> just speculation/educated guess
07:53 < Olipro> Google indexes the internet, Facebook does not
07:54 <+havoc> I can't imagine facebook even coming close
07:54 <@dazo> Google also build their own specialised computers
07:54 < hyper_ch> but facebook has 750million fanatics that connect 24/7 to it for status updates and animal farm
07:54 <@dazo> hehehe
07:54 < Olipro> and Google indexes all of that content too
07:54 <+havoc> hyper_ch: and that can run on *one* of google's custom boxes ;)
07:54 <+havoc> (maybe)
07:54 <+havoc> Olipro: yup
07:54 < hyper_ch> farmville
07:54 < hyper_ch> not animal farm
07:55 < hyper_ch> two slightly different things :)
07:56 < hyper_ch> I hope all of you have read animal farm
07:56 < rob0> "Comrade Napoleon is always right." "I will work harder."
07:56 < NoReGreT> dazo: no really, no openvpn config file
07:56 < rob0> I would not pay money to a provider that can't/won't support me.
07:57 < hyper_ch> NoReGreT: what ovpn provider?
08:00 * dazo just reads an article from the Chinese ambassador in Norway, claiming that the Chinese people are free, elect their own leaders freely and can speak freely the Internet ..... #yeahright!
08:00 < hyper_ch> they can speak freely in the chinese internet
08:00 < hyper_ch> as long as it's not against party policy
08:01 <@dazo> yeah
08:01 <@dazo> China is still pissed on Norway for giving Liu Xiaobo the Nobel Peace Prize in 2010 ...
08:01 < ecrist> dazo: snapshot rolled, and I sent the signature to the mailing list.
08:01 < hyper_ch> if you want a clean internet experience you should VPN into a China
08:01 <@dazo> ecrist: cool, thx!!
08:01 < ecrist> http://www.youtube.com/watch?v=WyTVkD0w--E&feature=share
08:01 <@vpnHelper> Title: Marines Urinating On Dead Taliban - Action Figure Therapy - YouTube (at www.youtube.com)
08:01 < hyper_ch> dazo: you don't happen to be norwegian?
08:02 <@dazo> I do
08:02 < hyper_ch> blonde, blue eyed, high vodka tolerance?
08:02 <@dazo> almost :-P 08:02 < ecrist> NSFW in the US, probably OK in Europe 08:03 < hyper_ch> is anything SFW in the US? 08:03 < ecrist> pictures of your mom are just fine 08:04 <@dazo> ecrist: priceless youtube video! 08:04 < ecrist> :) 08:10 <@vpnHelper> RSS Update - forum: Kitchenaid is capable of heating quickly 08:13 <+havoc> heh, forum spam 08:17 < rob0> or else very clever steganography 08:18 -!- zu [~zu@ks387228.kimsufi.com] has joined #openvpn 08:22 <@vpnHelper> RSS Update - forum: Help setting upTunnel || OpenVPN N2N setup with IPfire 08:36 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 08:38 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:39 -!- fluter [~fluter@fedora/fluter] has quit [Quit: Leaving] 08:39 <@vpnHelper> RSS Update - forum: vpn server with different subnets for different common names 08:50 -!- NoReGreT [~regret@unaffiliated/noregret] has quit [Quit: leaving] 08:52 <@vpnHelper> RSS Update - forum: vpn server with different subnets for different common names 08:55 -!- Tixos [~sg@192.162.102.116] has quit [Quit: Leaving.] 
09:03 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 09:11 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Ping timeout: 252 seconds] 09:12 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 09:16 <@vpnHelper> RSS Update - forum: vpn server with different subnets for different common names 09:18 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Ping timeout: 255 seconds] 09:19 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 09:27 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 09:38 -!- mocas_ [~mocas@87.196.249.210] has quit [Ping timeout: 240 seconds] 09:47 -!- APTX_ [APTX@unaffiliated/aptx] has joined #openvpn 09:47 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 252 seconds] 09:51 -!- mocas_ [~mocas@87-196-121-73.net.novis.pt] has joined #openvpn 09:58 <@vpnHelper> RSS Update - forum: Website Audit: What Really is It? 10:04 <@vpnHelper> RSS Update - forum: Broadcasts using tun 10:21 -!- cyberspace_ [20253@ninthfloor.org] has quit [Ping timeout: 240 seconds] 10:22 -!- cyberspace- [20253@ninthfloor.org] has joined #openvpn 10:33 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 252 seconds] 10:52 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled 10:55 -!- mort_gib [~mort_gib@16.Red-83-36-63.staticIP.rima-tde.net] has joined #openvpn 11:00 -!- matthaiso [~matt@84.19.169.170] has joined #openvpn 11:01 < matthaiso> Hi. Can anyone pls tell me how to make exceptions? I'm running Linux and want to access some websites without the vpn server, but with my "true ip" 11:04 -!- raidz [~raidz@openvpn/corp/admin/andrew] has joined #openvpn 11:04 -!- mode/#openvpn [+o raidz] by ChanServ 11:05 -!- Azrael808 [~peter@212.161.9.162] has quit [Read error: Operation timed out] 11:06 < rob0> oh, that is not going to be trivial at all. 
I think you might do that better without redirect_gateway, and use a local HTTP proxy which forwards some requests through the tunnel, and sends others direct to the website.
11:07 < rob0> You can look at the LARTC.org howto, maybe do it with multiple route tables and rules, but those rules are not going to be selected by name, only by IP address.
11:08 -!- newl [~newl@97.75.165.156] has joined #openvpn
11:13 -!- mort_gib [~mort_gib@16.Red-83-36-63.staticIP.rima-tde.net] has quit [Quit: Ex-Chat]
11:15 -!- newl [~newl@97.75.165.156] has left #openvpn []
11:15 <@vpnHelper> RSS Update - forum: Log Questions
11:22 < hyper_ch> not even Linux can divide by 0 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654876
11:22 <@vpnHelper> Title: #654876 - CVE-2012-0207: divide error and panic when receiving mixed IGMP queries - Debian Bug report logs (at bugs.debian.org)
12:00 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has joined #openvpn
12:18 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn
13:00 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 240 seconds]
13:01 -!- dollabill [~mike@199.44.8.98] has quit []
13:03 -!- dazo is now known as dazo_afk
13:04 -!- R-66Y [~nobody@elegua.za.net] has quit [Read error: Operation timed out]
13:06 -!- R-66Y [~nobody@elegua.za.net] has joined #openvpn
13:09 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer]
13:10 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn
13:23 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
13:26 -!- Dweezahr [~Dweezahr@flits102-34.flits.rug.nl] has joined #openvpn
13:57 -!- Netsplit *.net <-> *.split quits: kloeri, Diffen, dioz, vect0rx, rooth, JoeGazz84, APTX_, Cr4zi3, Zimsky, DrArcheh
13:57 -!- Netsplit over, joins: rooth, dioz
13:57 -!- Netsplit over, joins: vect0rx
13:57 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
13:57 -!- DrArcheh [~drarcheh@85.214.227.198] has joined #openvpn 13:57 -!- Netsplit over, joins: kloeri, Diffen 13:57 -!- Cr4zi3 [killaz@staff.xbins.org] has joined #openvpn 13:59 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 13:59 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:00 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 14:03 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn 14:04 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:04 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:06 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 14:06 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 14:06 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 14:06 -!- mode/#openvpn [+v Axeman] by ChanServ 14:07 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:07 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:09 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 14:09 -!- SOG [~SOG@168.70.16.99] has joined #openvpn 14:10 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:10 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:15 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:15 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:19 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:19 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:24 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:24 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:25 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:25 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:26 -!- MarKsaitis_ [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has joined #openvpn 14:27 -!- MarKsaitis [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Ping timeout: 240 seconds] 14:28 -!- Zimsky [~Zimsky@rozznet.net] has 
joined #openvpn 14:28 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:33 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:33 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:38 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:38 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:41 -!- MarKsaitis_ [~MarKsaiti@cpc4-rdng22-2-0-cust932.15-3.cable.virginmedia.com] has quit [Quit: Leaving] 14:45 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:45 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:45 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets || OpenVPN forwards client's public IP 14:52 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:52 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:53 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:53 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 14:54 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 14:54 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:01 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:01 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:02 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:02 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:03 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:03 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:07 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:07 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:09 -!- Gravitron [~admin@64.93.227.97] has joined #openvpn 15:09 -!- Gravitron [~admin@64.93.227.97] has quit [Changing host] 15:09 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 15:12 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:12 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:13 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds] 15:13 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 
15:13 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 15:13 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 15:16 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 15:19 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:19 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:20 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:20 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:23 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:23 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:24 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:24 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:25 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:25 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:34 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:34 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:38 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:38 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:40 -!- batrick [~batrick@batbytes.com] has quit [Quit: WeeChat 0.3.2] 15:41 -!- batrick [~batrick@nmap/developer/batrick] has joined #openvpn 15:42 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:42 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:45 -!- batrick [~batrick@nmap/developer/batrick] has quit [Client Quit] 15:45 -!- batrick [~batrick@nmap/developer/batrick] has joined #openvpn 15:48 -!- batrick [~batrick@nmap/developer/batrick] has quit [Client Quit] 15:48 -!- batrick [~batrick@nmap/developer/batrick] has joined #openvpn 15:49 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:49 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:51 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 15:51 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:52 -!- p3rror [~mezgani@41.250.235.173] has joined #openvpn 15:54 -!- Zimsky [~Zimsky@rozznet.net] has joined 
#openvpn 15:54 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 15:58 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 16:00 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:00 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:03 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:03 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:04 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:04 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:11 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 16:11 -!- mode/#openvpn [+v Axeman] by ChanServ 16:13 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 16:14 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:14 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:15 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:15 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:16 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 16:17 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 16:19 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:19 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:22 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:22 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:29 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:29 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:31 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:31 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:33 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:33 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:34 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:34 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:37 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:37 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:38 -!- Zimsky 
[~Zimsky@rozznet.net] has joined #openvpn 16:38 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:38 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:38 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:43 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 16:43 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:43 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:44 -!- JoeyJoeJo [~brian@pool-173-71-223-79.clppva.fios.verizon.net] has quit [Ping timeout: 240 seconds] 16:47 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 16:48 -!- mode/#openvpn [+v Axeman] by ChanServ 16:48 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 16:48 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:48 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:49 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:49 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:50 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:50 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:50 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:50 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:52 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:52 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:53 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:53 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:54 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:54 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:57 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 16:57 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 16:59 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:00 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:00 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:08 -!- Zimsky [~Zimsky@rozznet.net] 
has joined #openvpn 17:08 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:09 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:09 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:12 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:12 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:13 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:13 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:21 -!- matthaiso [~matt@84.19.169.170] has quit [Remote host closed the connection] 17:22 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood] 17:22 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:22 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:23 -!- oc80z [oc80z@blea.ch] has joined #openvpn 17:23 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:23 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:24 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:24 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:29 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:29 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:31 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:31 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:32 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:32 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:34 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:34 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:36 -!- newl_ [~newl@97.75.165.156] has joined #openvpn 17:37 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:37 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:38 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:38 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:39 -!- Denial [~Denial@drgi.co.uk] has quit [] 17:40 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn 17:40 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood] 17:42 -!- Zimsky 
[~Zimsky@rozznet.net] has joined #openvpn
17:42 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood]
17:44 <@vpnHelper> RSS Update - forum: openvpn not forwarding traffic to tap0
17:46 -!- mode/#openvpn [+o krzee] by ChanServ
17:47 -!- Zimsky [~Zimsky@rozznet.net] has joined #openvpn
17:47 -!- Zimsky [~Zimsky@rozznet.net] has quit [Excess Flood]
17:47 -!- mode/#openvpn [+b *!*Zimsky@rozznet.net] by krzee
17:47 <@krzee> (just temp to stop his rejoin / flood cycle)
18:09 -!- Crumbz [~Crumbz@host-89-240-241-45.as13285.net] has joined #openvpn
18:10 < Crumbz> hey guys, how do i stop stdout spam with killall openvpn
18:10 < Crumbz> i have tried >/dev/null; doesn't work
18:10 < Crumbz> ie: killall openvpn >/dev/null
18:12 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn ["Leaving"]
18:13 <@krzee> sure its stdout you're seeing?
18:13 <@krzee> more likely stderr
18:14 <@krzee> and btw, youd be seeing killall stdout/stderr with that command, not openvpn
18:15 <@krzee> unless you started openvpn in the foreground and backgrounded it the unix way instead of the openvpn way, which would keep output going to your terminal
18:15 <@krzee> which would lead to the question, why you doing that?
18:16 -!- SOG [~SOG@168.70.16.99] has quit [Quit: SOG]
18:24 <+EugeneKay> "because the blog post told me to"
18:26 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008
18:39 < Crumbz> krzee, why am i backgrounding it the unix way? i didn't think it made a difference..
18:41 <@krzee> you using & to background?
18:41 < Crumbz> krzee, yes, shouldn't i?
18:41 <@krzee> --daemon
18:42 <@krzee> and if it was the same, how did i know you were doing that?
18:42 <@krzee> ;]
18:43 < Crumbz> krzee, okok, really, what is the difference though?
18:43 < Crumbz> the daemon will restart?
18:44 <@krzee> & doesnt stop the output from coming to your window
18:44 <@krzee> it also keeps the process depending on your terminal
18:44 <@krzee> close the terminal, you closed openvpn
18:45 <@krzee> basically, & wasnt made for what you're using it for, but openvpn has --daemon, which was made for it
18:45 <@krzee> !man
18:45 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend!
18:46 <@krzee> -daemon [progname]
18:46 <@krzee> Become a daemon after all initialization functions are completed. This option will cause all message and error output to be sent to the syslog file (such as /var/log/messages), except for the output of shell scripts and ifconfig commands, which will go to /dev/null unless otherwise redirected. The syslog redirection occurs immediately at the point that --daemon is parsed on the command line even though the daemonization point occurs later. I
18:46 <@krzee> f one of the --log options is present, it will supercede syslog redirection.
18:46 <@krzee> The optional progname parameter will cause OpenVPN to report its program name to the system logger as progname. This can be useful in linking OpenVPN messages in the syslog file with specific tunnels. When unspecified, progname defaults to "openvpn".
18:46 <@krzee> When OpenVPN is run with the --daemon option, it will try to delay daemonization until the majority of initialization functions which are capable of generating fatal errors are complete. This means that initialization scripts can test the return status of the openvpn command for a fairly reliable indication of whether the command has correctly initialized and entered the packet forwarding event loop.
18:46 <@krzee> In OpenVPN, the vast majority of errors which occur after initialization are non-fatal.
18:50 < Crumbz> krzee, thanks, helpful. can i just put it in the config as 'daemon' ?
18:50 <@krzee> yep
18:50 <@krzee> !--
18:50 <@vpnHelper> "--" is OpenVPN allows any option to be placed either on the command line or in a configuration file. Though all command line options are preceded by a double-leading-dash ("--"), this prefix must be removed when an option is placed in a configuration file.
18:51 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
18:56 < Crumbz> krzee, thanks mate. I know your name from somewhere btw.. ;)
18:56 <@krzee> np, cool, know where?
18:58 < Crumbz> I don't know.. irc afaik, maybe gentoo/bash/archlinux?
19:00 < Crumbz> krzee, probably here.. :)
19:11 -!- newl_ [~newl@97.75.165.156] has quit [Quit: leaving]
19:15 <@krzee> could be any of them
19:17 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN
19:22 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds]
19:23 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
19:24 -!- tekzilla [~jon@hmbg-4d069783.pool.mediaWays.net] has quit [Ping timeout: 248 seconds]
19:25 -!- corretico [~luis@190.211.93.11] has joined #openvpn
19:26 -!- tekzilla [~jon@hmbg-4d06cd90.pool.mediaWays.net] has joined #openvpn
19:28 <@vpnHelper> RSS Update - forum: Official Android App
19:40 <@vpnHelper> RSS Update - forum: Can OpenVPN be installed on Windows Server Core (no GUI)?
19:43 -!- gremly [~gremly@200.106.218.64] has joined #openvpn
19:48 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds]
19:52 -!- _julian [~quassel@hmbg-4d06c380.pool.mediaWays.net] has joined #openvpn
19:55 -!- _julian_ [~quassel@hmbg-4d069556.pool.mediaWays.net] has quit [Ping timeout: 276 seconds]
20:08 -!- Gravitron [~admin@64.93.227.97] has joined #openvpn
20:08 -!- Gravitron [~admin@64.93.227.97] has quit [Changing host]
20:08 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
20:12 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn
20:13 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 276 seconds]
20:33 <+dvl> anyone tried OpenVPN in a FreeBSD jail? It sounds useful for administrative purposes.
20:33 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer]
20:39 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn
20:47 <@vpnHelper> RSS Update - forum: How to increase openvpn tunnel speed or performance
20:48 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 245 seconds]
21:01 -!- Crumbz [~Crumbz@host-89-240-241-45.as13285.net] has quit [Remote host closed the connection]
21:10 -!- hilarie [~freenode@95.211.150.180] has quit [Quit: hilarie]
21:41 -!- Gravitron [~admin@64.93.226.162] has joined #openvpn
21:41 -!- Gravitron [~admin@64.93.226.162] has quit [Changing host]
21:41 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
21:46 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 276 seconds]
21:49 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
21:51 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7
21:52 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn
21:53 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 255 seconds]
22:10 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 240 seconds]
22:14
-!- Gravitron [~admin@69.163.40.45] has joined #openvpn 22:14 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 22:14 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 22:26 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 240 seconds] 22:27 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 22:27 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 22:27 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 22:32 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 240 seconds] 22:51 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 22:52 -!- X0Rc0re [~chatzilla@58-7-243-182.dyn.iinet.net.au] has joined #openvpn 23:01 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:13 -!- MeanderingCode_ [~Meanderin@97-123-15-175.albq.qwest.net] has joined #openvpn 23:13 -!- MeanderingCode_ [~Meanderin@97-123-15-175.albq.qwest.net] has quit [Remote host closed the connection] 23:14 -!- MeanderingCode [~Meanderin@97-123-13-2.albq.qwest.net] has quit [Ping timeout: 252 seconds] 23:14 <@vpnHelper> RSS Update - forum: OpenVPN Clients Automation 23:21 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn 23:24 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:34 -!- X0Rc0re [~chatzilla@58-7-243-182.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] --- Day changed Tue Jan 17 2012 00:00 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Quit: nonotza] 00:01 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn 00:02 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Client Quit] 00:23 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:26 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:31 -!- 
ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:34 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:37 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Read error: Connection reset by peer] 00:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:40 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood] 00:42 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 00:44 -!- mattock [~samuli@openvpn/corp/admin/mattock] has left #openvpn [] 00:50 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 00:57 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:01 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN 01:23 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn 01:56 -!- rasyid7 [~3333@69.163.36.67] has quit [Ping timeout: 240 seconds] 01:56 -!- rasyid7 [~3333@183.78.51.185] has joined #openvpn 01:58 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 02:03 -!- Cybert1nus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 02:04 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 02:04 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Ping timeout: 260 seconds] 02:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 02:14 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds] 02:16 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 02:22 -!- p3rror [~mezgani@41.250.235.173] has quit [Ping timeout: 260 seconds] 02:29 -!- skynet-2000 [SkyNet-200@gateway/shell/trekweb.org/x-jtbslgsopdmxqotx] has joined #openvpn 02:30 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:37 < hyper_ch> hmmm, mounting the same partition in multiple locations on the filesystem 
shouldn't do any damage, right? 02:37 <@vpnHelper> RSS Update - forum: Broadcasts using tun 02:41 -!- epsilon [textblase@raid1.net] has joined #openvpn 03:13 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:20 < hyper_ch> krzee: http://www.raspberrypi.org/archives/553 03:20 <@vpnHelper> Title: Slashdot video interview with Eben | Raspberry Pi (at www.raspberrypi.org) 03:36 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN || Stainless cookware with copper bottom 03:37 < epsilon> how do i open a vpn connection without typing password on clientside? I want a client (debian/openvpn) to log on server (also debian) on boot automatically without any further interaction 03:37 <+EugeneKay> SSL key password or client-auth password? 03:38 <+EugeneKay> s/client-auth/auth-user-pass-verify/ 03:44 < epsilon> not sure which one... I create keys with build-key-server amd -pass 03:57 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has quit [Quit: jIRCii - http://www.oldschoolirc.com] 04:00 <@vpnHelper> RSS Update - forum: tls-server and explicit-exit-notify 04:06 <@vpnHelper> RSS Update - forum: openvpn not forwarding traffic to tap0 || How to increase openvpn tunnel speed or performance 04:08 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 04:18 <@vpnHelper> RSS Update - forum: OpenVPN forwards client's public IP || Routed OpenVPN between two subnets 04:22 -!- master_of_master [~master_of@p57B52E94.dip.t-dialin.net] has quit [Ping timeout: 252 seconds] 04:24 -!- master_of_master [~master_of@p57B52184.dip.t-dialin.net] has joined #openvpn 04:30 <@vpnHelper> RSS Update - forum: OpenVPN forwards client's public IP 04:31 -!- mattock [~samuli@openvpn/corp/admin/mattock] has joined #openvpn 04:31 -!- mode/#openvpn [+o mattock] by ChanServ 04:36 -!- dazo_afk is now known as dazo 04:37 -!- MarKsaitis [~MarKsaiti@88.96.60.78] has joined #openvpn 04:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping 
timeout: 260 seconds]
04:42 -!- p3rror [~mezgani@41.205.221.206] has joined #openvpn
04:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
04:47 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
04:47 <@vpnHelper> RSS Update - forum: OpenVPN forwards client's public IP || Would it be secure to enter your credit card online over a V
04:51 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
04:52 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
04:54 <@vpnHelper> RSS Update - forum: no access to server || Windows 7 x64, routing, DHCP and a unstable VPN
05:00 <@vpnHelper> RSS Update - forum: no access to server || Would it be secure to enter your credit card online over a V
05:12 < epsilon> I assigned a subnet like 192.168.10.0/24 to the server and the client get an ip from that range... but who is actually playing the "dhcpd"? and can I assign fix IP on client-side?
05:24 <+EugeneKay> The openvpn process hands out IPs from the pool you specified.
05:24 <+EugeneKay> !static
05:24 <@vpnHelper> RSS Update - forum: --inactive-tcp --inactive-udp --inactive-ip --inactive-nonip
05:24 <@vpnHelper> "static" is (#1) use --ifconfig-push in a ccd entry for a static ip for the vpn client or (#2) example in net30 (default): ifconfig-push 10.8.0.6 10.8.0.5 example in subnet (see !topology) or tap (see !tunortap): ifconfig-push 10.8.0.5 255.255.255.0 or (#3) also see !ccd and !iporder
05:24 <+EugeneKay> Use ^^ to give out static IPs per-client(based upon the common-name on the certificate)
05:35 -!- Haraken [~ryuk@unaffiliated/haraken] has quit [Ping timeout: 248 seconds]
05:37 -!- openbsdnoob [~openbsdno@88.79.221.61] has quit [Ping timeout: 248 seconds]
05:37 -!- WebDawg [~WebDawg@officialg0d.com] has quit [Ping timeout: 248 seconds]
05:38 -!- pwrcycle [~pwrcycle@unaffiliated/pwrcycle] has quit [Ping timeout: 248 seconds]
05:38 -!- openbsdnoob [~openbsdno@88.79.221.61] has joined #openvpn
05:38 -!- pwrcycle [~pwrcycle@173.214.160.92] has joined #openvpn
05:39 -!- Brownout_ [~brownout@wikimedia/brownout] has joined #openvpn
05:39 -!- Haraken [~ryuk@unaffiliated/haraken] has joined #openvpn
05:40 -!- [1]SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has joined #openvpn
05:40 -!- WebDawg [~WebDawg@officialg0d.com] has joined #openvpn
05:40 -!- Brownout [~brownout@wikimedia/brownout] has quit [Ping timeout: 248 seconds]
05:43 -!- SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has quit [Ping timeout: 248 seconds]
05:43 -!- [1]SigmaProjects is now known as SigmaProjects
06:24 <@vpnHelper> RSS Update - forum: Broadcasts using tun
06:25 -!- nixusr [~nixusr@205.185.121.60] has joined #openvpn
06:25 -!- nixusr [~nixusr@205.185.121.60] has quit [Changing host]
06:25 -!- nixusr [~nixusr@unaffiliated/nixusr] has joined #openvpn
06:26 -!- nixusr [~nixusr@unaffiliated/nixusr] has quit [Read error: Connection reset by peer]
06:30 <@vpnHelper> RSS Update - forum: Broadcasts using tun
06:39 -!- gremly
[~gremly@200.106.218.64] has joined #openvpn
06:49 -!- amir [~amir@unaffiliated/amir] has quit [Remote host closed the connection]
06:54 <@vpnHelper> RSS Update - forum: Website Audit: What Really is It?
06:58 -!- Brownout_ [~brownout@wikimedia/brownout] has left #openvpn []
07:00 <@vpnHelper> RSS Update - forum: need help on installing old program on windows 7
07:12 -!- APTX [APTX@unaffiliated/aptx] has quit [Remote host closed the connection]
07:12 <@vpnHelper> RSS Update - forum: any way to have log of users??
07:13 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
07:17 -!- p3rror [~mezgani@41.205.221.206] has quit [Ping timeout: 272 seconds]
07:24 -!- rasyid7 [~3333@183.78.51.185] has quit [Read error: Connection reset by peer]
07:24 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn
07:27 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 272 seconds]
07:30 <@vpnHelper> RSS Update - forum: any way to have log of users??
07:32 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn
07:49 -!- p3rror [~mezgani@41.137.254.45] has quit [Read error: Operation timed out]
08:01 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
08:02 -!- p3rror [~mezgani@41.205.221.206] has joined #openvpn
08:06 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
08:18 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau]
08:20 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
08:22 -!- p3rror [~mezgani@41.205.221.206] has quit [Ping timeout: 244 seconds]
08:25 <@vpnHelper> RSS Update - forum: Broadcasts using tun
08:26 -!- MarKsaitis [~MarKsaiti@88.96.60.78] has quit [Ping timeout: 248 seconds]
08:26 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
08:27 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn
08:29 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
08:31 -!- caemir
[~caemir@unaffiliated/caemir] has joined #openvpn
08:34 -!- buntfalke [~nobody@unaffiliated/buntfalke] has joined #openvpn
08:34 -!- amir [~amir@unaffiliated/amir] has joined #openvpn
08:34 -!- Khas [~Khas@ewangunn.com] has joined #openvpn
08:35 < Khas> Hello. I've set the netmask to be /24, but all the clients receive a /30 netmask. Do I have to set the netmask anywhere else? Cause at the moment the clients can't see each other :-(
08:36 <@dazo> Khas: you're using tun mode?
08:37 <@dazo> Khas: if so, have a look at --topology in the man page
08:37 < Khas> tun is layer 3, right?
08:37 < Khas> I always get them confused :-D
08:37 <@dazo> !tunortap
08:37 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over the
08:37 <@vpnHelper> vpn or (#4) lan gaming? use tap!
08:37 < rob0> !/30
08:37 <@vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html (sorry for the long link, they wont fix the anchors) explains why routed clients each use 4 ips or (#2) you can avoid this behavior by reading !topology or (#3) so by default, first client is .6, then .10 .14 .18 etc etc or (#4) use
08:37 <@dazo> Khas: yeah, tun is layer 3 (I had to double check ^^^)
08:37 <@vpnHelper> openvpn --show-valid-subnets to see the subnets you can use in net30
08:40 < Khas> Haha it is for windows shares, but I'm just used to addressing by either hostname or ip, neither of which works.
08:40 < Khas> Well, not just windows shares.
08:40 < Khas> I just want them all on the same subnet
08:41 < Khas> So it's best to use tap, if I want to set it up for lan gaming too.
08:42 < Khas> And let the server dish out the IPs
08:47 <@vpnHelper> RSS Update - forum: Which one better
08:48 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn
08:48 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host]
08:48 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn
08:48 -!- mode/#openvpn [+v Axeman] by ChanServ
08:50 -!- JackWinter2 [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
08:53 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
08:57 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn
09:07 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
09:11 -!- rasyid7 [~3333@69.163.36.67] has quit [Remote host closed the connection]
09:12 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn
09:13 -!- Gravitron [~admin@64.93.145.58] has joined #openvpn
09:13 -!- Gravitron [~admin@64.93.145.58] has quit [Changing host]
09:13 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
09:58 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 240 seconds]
09:58 <@vpnHelper> RSS Update - forum: Hardware requirments for 7000 users works over OpenVpn SRV
09:59 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn
10:04 -!- druid [~druid@unaffiliated/druid] has joined #openvpn
10:04 < druid> Hi
10:05 < druid> Can someone tell me what would be the impact in terms of cpu etc on a server for an openvpn server with one connection?
10:05 < druid> i know it might be a bit vague but...
10:06 < rob0> anywhere from minimal to overwhelming, depending how much traffic you push through it
10:08 < rob0> The choice of cipher can make a difference too, as can other settings.
10:09 -!- Nebukadneza [~Nebukadne@h1749472.stratoserver.net] has joined #openvpn
10:09 < Nebukadneza> heho
10:10 < Nebukadneza> i've problems migrating an old openvpn config/connection to a new p-t-p ip of the other side. using this config: http://nopaste.ghostdub.de/?491 openvpn somehow adds routes to 10.8.0.2 upon connect (10.8.0.6 is the correct ptp partner ip)
10:14 -!- Khas [~Khas@ewangunn.com] has quit [Ping timeout: 248 seconds]
10:27 < ecrist> !welcome
10:27 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
10:30 -!- dazo is now known as dazo_afk
10:32 < rob0> druid, an unsolicited PM is very rude. People who want support outside of the channel must be willing to pay for that support.
10:37 < Nebukadneza> !logs
10:37 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard.
10:38 < Nebukadneza> !configs
10:38 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
10:38 < Nebukadneza> !interface
10:38 <@vpnHelper> "interface" is (#1) paste interface configuration from both client and server, while being disconnected and when being connected.
Be sure to also add the routing tables for both situations from client and from server or (#2) in windows: ipconfig /all - unix: ifconfig -a , and for routing tables: netstat -rn
10:38 < Nebukadneza> thanks, one sec ;)
10:38 -!- dazo_afk is now known as dazo
10:40 -!- skynet-2000 is now known as skynet
10:40 -!- skynet is now known as Guest11006
10:51 -!- gui113 [~gu1113m0@gondolin.uc3m.es] has joined #openvpn
10:51 < druid> rob0: the only thing that is rude is to write that in the cannel instead of simply saying that in the private message i sent
10:51 < druid> i didn't think it was a problem, i didn't think you could be such a douche.
10:51 < druid> *channel
10:53 < rob0> http://sweet.nodns4.us/ might help, and at that, I am done.
10:53 <@vpnHelper> Title: S.W.E.E.T.: Stop Wasting Everyone Else's Time (at sweet.nodns4.us)
10:54 < druid> i'm used to irc which doesn't mean i have to agree with your site
10:54 < druid> if anybody comes and asks me questions in private, if i have problems with that i'll tell him in the private message
10:54 < druid> because i'm civilized
10:54 < druid> you're not
10:59 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 240 seconds]
11:01 -!- gui113 [~gu1113m0@gondolin.uc3m.es] has left #openvpn ["Saliendo"]
11:01 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Textual IRC Client: http://www.textualapp.com/]
11:01 -!- Gravitron [~admin@64.93.145.58] has joined #openvpn
11:01 -!- Gravitron [~admin@64.93.145.58] has quit [Changing host]
11:01 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
11:02 -!- Kateon [482392@xs8.xs4all.nl] has quit [Ping timeout: 252 seconds]
11:02 -!- cherwin [1776628@xs8.xs4all.nl] has quit [Ping timeout: 252 seconds]
11:02 < Nebukadneza> phew, gathered all the info -> http://nopaste.ghostdub.de/?496
11:02 -!- Kateon [~user@xs8.xs4all.nl] has joined #openvpn
11:03 < Nebukadneza> i am able to initialize the openvpn connection, i can ping the
point2point partner, the routes seem to be pushed and set correctly, however... i can't seem to reach the net on the other side (or, for that matter, even the other box itself with its own lan ip)
11:03 < Nebukadneza> (i also somehow miss the learn: messages for those ips when i ping them?)
11:06 < Nebukadneza> (it also seems that the client (10.8.0.2 // 172.19.10.74) can ping the server (10.8.0.1 // 192.168.0.1) on its lan-ip (192.168.0.1))
11:07 -!- Kateon [~user@xs8.xs4all.nl] has quit [Ping timeout: 252 seconds]
11:08 -!- cherwin [~cherwin@xs8.xs4all.nl] has joined #openvpn
11:09 -!- Kateon [~user@xs8.xs4all.nl] has joined #openvpn
11:10 < rob0> Nebukadneza, would have been easier without all those comments, like the factoid said.
11:11 < Nebukadneza> oh, overread that, sorry :/
11:11 < Nebukadneza> should i re-paste?
11:11 < rob0> I can't wade through it all, using lynx here.
11:11 < ecrist> druid: what are you carrying on about?
11:15 < ecrist> channel policy, as is typical of support channels on IRC, is to keep everything in-channel.
11:16 < ecrist> unsolicited PMs are not OK
11:16 < ecrist> rob0 was not out of line calling you out, and most here likely wouldn't have noticed you being chastised if it wasn't for your own efforts to continue the argument.
11:18 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn
11:21 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
11:22 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
11:25 < Nebukadneza> d'oh
11:25 < Nebukadneza> missed an iroute in the clients ccd
11:26 < rob0> heh, cool, you found it :)
11:26 < Nebukadneza> tinkering quite a bit ;)
11:26 < rob0> the process of making a good pastebin always helps :)
11:26 < Nebukadneza> thanks nonetheless! :)
11:26 < ecrist> most here, aside from me, aren't assholes. ;)
11:27 <+EugeneKay> Your mother is a hamster and your father smells of elderberries.
11:27 < Nebukadneza> lol
11:27 < rob0> I'm definitely not an asshole! I have it on good authority that I am a douche. ;)
11:28 < rob0> remember, you read it here first!
11:28 < thumbs> I can vouch for that statement - rob0 IS a douche! :)
11:28 < rob0> haha
11:33 -!- dioz [~dioz@2001:470:d:e3::1] has quit [Read error: Connection reset by peer]
11:34 -!- Azrael808 [~peter@212.161.9.162] has quit [Read error: Operation timed out]
11:38 <@vpnHelper> RSS Update - forum: Computer Repair...
11:40 -!- dioz [~dioz@2001:470:d:e3::1] has joined #openvpn
11:45 <@dazo> but even more importantly, rob0 has merits in helping out people here; quite well too, from what I have seen
11:47 < rob0> aww, thanks guys
11:47 < rob0> your support is appreciated
11:47 < ecrist> check's in the mail, I'm sure
11:47 <@dazo> heh ... e-mail, I presume :-P
11:47 < rob0> yes, but it's rubber :(
11:53 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
11:55 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
11:55 <@vpnHelper> RSS Update - forum: Help with Start-Up Error
11:56 -!- DarthGandalf [~Vetinari@znc/developer/DarthGandalf] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
11:57 -!- MeanderingCode [~Meanderin@97-123-15-175.albq.qwest.net] has joined #openvpn
11:58 -!- agagag_ [~anton@eudaimonia.goto10.org] has quit [Ping timeout: 244 seconds]
12:02 <@vpnHelper> RSS Update - forum: Trying to compile the tap driver source code
12:03 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer]
12:06 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
12:06 -!- agagag [~anton@eudaimonia.goto10.org] has joined #openvpn
12:09 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
12:09 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6]
12:12 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
12:18 -!- oc80z
[oc80z@blea.ch] has quit [Excess Flood]
12:18 -!- openbsdnoob [~openbsdno@88.79.221.61] has left #openvpn []
12:19 -!- oc80z [oc80z@blea.ch] has joined #openvpn
12:20 -!- openbsdnoob [~openbsdno@88.79.221.61] has joined #openvpn
12:30 -!- pwrcycle [~pwrcycle@173.214.160.92] has quit [Changing host]
12:30 -!- pwrcycle [~pwrcycle@unaffiliated/pwrcycle] has joined #openvpn
12:36 <@vpnHelper> RSS Update - forum: one Public IP => multiple VLANs (one per department)
12:43 -!- hkais [~xenoadmin@82.113.119.229] has joined #openvpn
12:44 < hkais> hello all
12:44 < hkais> !welcome
12:44 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
12:47 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn
12:50 < koaschten> Anyone got a tip where to look if i can ping but not traceroute from one to another bridged end of vpn-connected network? e.g. i split my 192.168.0.0/24 network into 100-150 and 200 to 250, i can ping from .123 to .234 and vice versa but i cant traceroute
13:00 <@vpnHelper> RSS Update - forum: Change Tray Icon In OpenVPN Connect Client?
13:00 <+EugeneKay> !firewall
13:00 <@vpnHelper> "firewall" is (#1) please see http://openvpn.net/man#lbBD for more info or (#2) see http://www.secure-computing.net/wiki/index.php/OpenVPN/Firewall for brief notes on disabling firewall rulesets.
13:01 < koaschten> EugeneKay I already figured it out, trying to traceroute the same device is stupid ;) it works fine, i tried to trace from the routers shell which wasn't really clever
13:02 <+EugeneKay> ;-)
13:02 <+EugeneKay> Traceroute is a funky one because windows and *nix implementations are wildly different, and firewalled differently.
13:03 < koaschten> And i can actually print across the vpn too, which is awesome considering i only played around with dd-wrt and openvpn for 3 hours now.
13:03 < koaschten> it's pretty straightforward and changed positively in the last 2 years since i had a look at it.
13:04 -!- win5hit [~Winshit@HSI-KBW-46-223-5-242.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
13:06 <@vpnHelper> RSS Update - forum: When will v6 server be supported?
13:06 <+EugeneKay> Glad to hear it.
13:07 < win5hit> hi there, i've got a question not directly concerning openvpn. i'm trying to write a little program that uses some kind of smartcard to store the private key of an openvpn user.
13:08 -!- corretico [~luis@190.211.93.11] has quit [Remote host closed the connection]
13:08 <+EugeneKay> Never touched it. IIRC, there's a bit on it in the howto
13:08 < win5hit> but im not sure how to handle the public key of the ca that signed the ca. as far as i understand there is no need to store it safely? i mean... its the public key
13:09 < Olipro> correct
13:09 <+EugeneKay> Public keys and certs are public. Keep them in a .crt somewhere.
13:09 < Olipro> actually, the public key of the CA is required for verifying the signature
13:11 < win5hit> when i "export" the cacertificate from a p12 with openssl i have to enter a PEM pass phrase... is it optional or why would i set a password for a public key
13:11 < koaschten> it's an optional security measure which probably was set during creation?
13:11 <@vpnHelper> RSS Update - forum: Computer Repair...
13:14 < win5hit> going to read the man of openssl...
13:15 -!- dazo is now known as dazo_afk
13:17 -!- win5hit [~Winshit@HSI-KBW-46-223-5-242.hsi.kabel-badenwuerttemberg.de] has left #openvpn ["PING 1326827853"]
13:24 < hkais> hello all
13:24 < hkais> how can I setup openvpn to work with VLANs?
13:32 -!- p3rror [~mezgani@41.137.254.45] has quit [Read error: Operation timed out]
13:36 <@vpnHelper> RSS Update - forum: Failover/redundancy scenario
13:41 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer]
13:41 <+EugeneKay> Olipro - you owe me a Xmas present http://www.ebay.com/itm/220916597331
13:41 <@vpnHelper> Title: SuperMicro 6015B Server Dual (2x) Intel Quad Core Xeon 1.86Ghz, 16GB, 160Gb | eBay (at www.ebay.com)
13:42 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has joined #openvpn
13:42 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
13:45 -!- JPeterson [~JPeterson@s213-103-209-64.cust.tele2.se] has joined #openvpn
13:50 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn ["Leaving"]
13:51 -!- MeanderingCode [~Meanderin@97-123-15-175.albq.qwest.net] has quit [Read error: Connection reset by peer]
13:52 -!- JPeterson [~JPeterson@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer]
14:00 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn
14:00 -!- MeanderingCode [~Meanderin@97-123-15-175.albq.qwest.net] has joined #openvpn
14:06 -!- druid [~druid@unaffiliated/druid] has left #openvpn ["Once you know what it is you want to be true, instinct is a very useful device for enabling you to know that it is"]
14:06 <@vpnHelper> RSS Update - forum: Routing Client Traffic Through The Server
14:08 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
14:09 -!- buntfalke [~nobody@unaffiliated/buntfalke] has quit []
14:12 -!- hkais [~xenoadmin@82.113.119.229] has quit [Ping timeout: 240 seconds]
14:16 -!- star314 [~star314@starnet1.sinh.us] has joined
#openvpn
14:30 -!- Crumbz [~Crumbz@host-2-96-27-163.as13285.net] has joined #openvpn
14:32 -!- KaiForce [~chatzilla@adsl-70-228-66-236.dsl.akrnoh.ameritech.net] has joined #openvpn
14:34 -!- star314 [~star314@starnet1.sinh.us] has quit [Quit: Leaving]
14:36 <@vpnHelper> RSS Update - forum: Can't connect - Having a hard time with this
15:06 -!- hkais [~xenoadmin@stgt-5f701ab1.pool.mediaWays.net] has joined #openvpn
15:18 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
15:18 <@vpnHelper> RSS Update - forum: OpenVPN/OpenWRT routing issues
15:26 -!- Mowi [~Mowi@lendabrain.net] has quit [Quit: I don't discriminate, I hate everyone.]
15:28 -!- Mowee [~Mowi@lendabrain.net] has joined #openvpn
15:31 <@vpnHelper> RSS Update - forum: OpenVPN/OpenWRT routing issues
15:47 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn
15:52 < Araluccl0> hi, can anyone help me (complete newbie) Im trying to route my client traffic thru openvpn server... I just added push "redirect-gateway def1" and push "dhcp-option DNS 10.8.0.1" on my server.conf (10.8.0.1) traffic seems to route but browser doesnt open sites on my server... btw I just realized that on server ping -i tap0 www.xxxx.com doesnt work... so I guess route works but dns on tap0 doesnt?
15:53 -!- KaiForce [~chatzilla@adsl-70-228-66-236.dsl.akrnoh.ameritech.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
15:53 < Araluccl0> err: I meant browser doesnt open sites on my client
15:53 < Araluccl0> err2: ping -I
15:54 <@krzee> !redirect
15:54 <@vpnHelper> "redirect" is (#1) to make all inet traffic flow through the vpn, you will need --redirect-gateway (see !def1), as well as IP forwarding (see !ipforward) and NAT (see !nat) enabled on the server.
or (#2) you may need to use a different dns server when redirecting gateway, see !dns or !pushdns
15:54 <@krzee> !linnat
15:54 <@vpnHelper> "linnat" is (#1) for a basic iptables NAT where 10.8.0.x is the vpn network: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE or (#2) to choose what IP address to NAT as, you can use iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to or (#3) http://netfilter.org/documentation/HOWTO//NAT-HOWTO.html for more info or (#4) openvz see !openvzlinnat
15:54 <@vpnHelper> RSS Update - forum: Can't get portforwarding to work
15:54 <@krzee> !linipforward
15:54 <@vpnHelper> "linipforward" is (#1) echo 1 > /proc/sys/net/ipv4/ip_forward for a temp solution (til reboot) or set net.ipv4.ip_forward = 1 in sysctl.conf for perm solution or (#2) chmod +x /etc/rc.d/rc.ip_forward for perm solution in slackware
15:55 < |Mike|> *burp*
15:56 < Araluccl0> I guess I did all ... but ill recheck... thanks
15:56 < Araluccl0> !def1
15:56 <@vpnHelper> "def1" is (#1) used in redirect-gateway, Add the def1 flag to override the default gateway by using 0.0.0.0/1 and 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of overriding but not wiping out the original default gateway.
or (#2) please see --redirect-gateway in the man page ( !man ) to fully understand or (#3) push "redirect-gateway def1"
15:57 < Araluccl0> !pushdns
15:57 <@vpnHelper> "pushdns" is (#1) push "dhcp-option DNS a.b.c.d" to push dns to the client or (#2) http://thread.gmane.org/gmane.network.openvpn.user/25139/focus=25147 see that mail archive for some info on pushing dns or (#3) http://article.gmane.org/gmane.network.openvpn.user/25149 for a perm fix via regedit or (#4) in unix you'll use the update-resolv-conf script or (#5) also
15:57 <@vpnHelper> http://comments.gmane.org/gmane.network.openvpn.user/31975 reports --register-dns as fixing their problems pushing DNS to windows 7
15:59 <@krzee> can you ping an ip, like 8.8.8.8 for example
16:01 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn
16:01 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
16:01 < Araluccl1> I guess I cant be on irc either :)
16:02 < Araluccl1> btw the fact that ping -I tap0 fails maybe can be related
16:02 < Araluccl1> ?
16:02 < Araluccl1> that happens on the server
16:08 <@krzee> you dont need to specify the interface
16:08 <@krzee> the routing table will handle that
16:08 < Araluccl1> well without -I I can ping correctly
16:09 <@krzee> !logs
16:09 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard.
16:09 <@krzee> verb 4 is enough
16:09 < Araluccl1> ok...wait a sec pls... I do that
16:11 < Araluccl1> I count get disconnected as soon as I connect to server... but ill come back soon :)
16:11 < Araluccl1> could
16:11 < |Mike|> hf.
16:13 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn
16:13 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
16:15 < Araluccl0> this is my server log http://pastebin.com/6CQsee0G this is my client log http://pastebin.com/SpygxtTB
16:15 < Araluccl0> verb 5
16:15 < Araluccl0> I hope its useful
16:16 < Araluccl0> I have other clients enabled... client Im testing with is parasbro.casa1
16:17 < Araluccl0> if I remove push redirect def1 and push dns vpn traffic works fine
16:17 < Araluccl0> I have no idea o what is that RwWWRwRwR.... :)
16:17 < |Mike|> fix perms
16:18 <@krzee> |Mike|, huh?
16:18 < Araluccl0> the warnign lines?
16:18 < Araluccl0> warning
16:18 < Araluccl0> about the key
16:18 < Araluccl0> yes I have to... but I guess its not that the routing problem
16:19 < |Mike|> warnings should be fixed too :)
16:19 < Araluccl0> yes... but its a private client and server bos ...so they are secure so far :)
16:19 < Araluccl0> boxes
16:19 < |Mike|> True!
16:20 < |Mike|> Hrm, maybe I should read the whole conversation before answering. I feel kinda stupid now haha
16:20 < Araluccl0> Im trying to route all my traffic thru vpn server but it doesnt work :)
16:20 < Araluccl0> client traffic
16:21 < Araluccl0> push redirect def1 and push dns but that breaks my client internet
16:21 < Araluccl0> ...I used them
16:22 < Araluccl0> if I remove them client and server work... but of course no traffic is redirected
16:24 -!- cjs226 [~cjs226@rrcs-71-40-79-154.sw.biz.rr.com] has quit []
16:35 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
16:35 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn
16:35 <@krzee> cat /proc/sys/net/ipv4/ip_forward
16:35 <@krzee> on your server
16:35 <@krzee> tell me the output
16:36 <@krzee> also, iptables -L -t nat
16:36 < |Mike|> 0 or 1 ?
;-)
16:37 < Araluccl0> 1
16:37 <@vpnHelper> RSS Update - forum: Static IP Windows Please
16:37 < Araluccl0> http://pastebin.com/XephWPdH
16:37 < Araluccl0> ots the paste of iptables -L -t nat
16:37 < Araluccl0> its
16:43 <@vpnHelper> RSS Update - forum: Give users access to different individual private networks
16:44 <@krzee> can the client ping 10.8.0.1?
16:45 < Araluccl0> normally yes... I don't know if I can with push options... wait I try (ill get disconnected again)
16:46 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Quit: Anche il discorsismo ha un limitismo.]
16:46 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn
16:47 < Araluccl0> the answer is yes :) Esecuzione di Ping 10.8.0.1 con 32 byte di dati:
16:47 < Araluccl0> Risposta da 10.8.0.1: byte=32 durata=139ms TTL=64
16:48 < Araluccl0> everything inside the vpn seems to work... except access to wan on the client
16:48 -!- Crumbz [~Crumbz@host-2-96-27-163.as13285.net] has quit [Quit: Leaving]
16:48 < Araluccl0> I can paste my configs if that can help
16:48 < Araluccl0> I also have ccd dir... but its empty right now
16:49 <@krzee> sure, like this:
16:49 <@krzee> !configs
16:49 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries
16:50 <@krzee> and you said you cant ping 8.8.8.8 when on the vpn, right?
16:50 <@krzee> or you can, but not with -I
16:50 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Remote host closed the connection]
16:51 < Araluccl0> thats the strange ... ping -I venet0 (my eth0) 8.8.8.8 works
16:51 < Araluccl0> ping -I tap0 8.8.8.8 doesnt
16:51 <@krzee> and without -I
16:51 < Araluccl0> it works
16:52 <@krzee> go to whatismyip.com
16:53 < Araluccl0> well... right now... I have client disconnected and have my provider ip... if I try to connect...
I cant connect to any site...so I cant check
16:53 <@krzee> well the ping tests were all while connected, right?
16:53 < Araluccl0> the ping 10.8.0.1
16:53 < Araluccl0> yes
16:54 < Olipro> does tap0 have an assigned address?
16:54 < Araluccl0> anything except vpn ips doesnt work
16:54 < Olipro> ok, I see
16:54 < Olipro> so tap0 has an RFC1918 address
16:54 <@krzee> [14:51] ping -I tap0 8.8.8.8 doesnt
16:54 <@krzee> [14:51] and without -I
16:54 <@krzee> [14:51] it works
16:54 <@krzee> while on the vpn^ ?
16:54 < Olipro> that just means that ping is using a different interface
16:54 < Olipro> quite probably venet0
16:54 < Araluccl0> Link encap:Ethernet HWaddr 16:ff:7a:87:80:41
16:54 < Araluccl0> inet addr:10.8.0.1 Bcast:10.8.0.255 Mask:255.255.255.0
16:55 < Olipro> sounds to me like the VPN server isn't NATting your traffic
16:55 < Araluccl0> it just has a ip6 address (my server is a vps)
16:55 <@krzee> show your routing table after connected
16:55 < Olipro> so... you have a VPN to a server with IPv6 only
16:55 < Olipro> and you expect to be able to route IPv4 traffic through it?
16:55 < Araluccl0> table on server or client?
16:55 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
16:55 < Araluccl0> nope... I have a public ip on vps
16:56 -!- Cybert1nus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
16:56 < Araluccl0> this is my server.conf http://pastebin.com/LQf6j1mJ
16:56 < Olipro> and is it configured to NAT traffic from the VPN interface
16:56 < Araluccl0> if it can help
16:56 < Araluccl0> hmm... I have no idea... :)
16:56 < Araluccl0> how can i check
16:56 < Olipro> that would be a "No" then
16:56 < Olipro> OpenVPN has nothing to do with NAT
16:57 < Olipro> what OS is the VPN server running
16:57 < Araluccl0> hmm... no clue... really newbie...
about routing
16:57 < Araluccl0> if needed I can paste client.conf too
16:57 < Olipro> no, just answer my question
16:58 < Araluccl0> ubunti 11
16:58 < Olipro> if you can ping the server on the 10.x.x.x address, there is nothing wrong with OpenVPN
16:58 < Araluccl0> ubuntu
16:58 < Araluccl0> I can...from my client
16:58 < Olipro> iptables -t nat -vnL POSTROUTING
16:58 < Araluccl0> without push redirect directives vpn seems to work fine
16:59 < Araluccl0> Chain POSTROUTING (policy ACCEPT 1680 packets, 112K bytes)
16:59 < Araluccl0> pkts bytes target prot opt in out source destination
16:59 < Araluccl0> 0 0 MASQUERADE all -- * eth0 10.8.0.0/24 0.0.0.0/0
16:59 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
16:59 < Olipro> eth0 is the interface with the public IP, right?
17:00 < Araluccl0> in ifconfig its not there... I have the usual tap0 + a venet0 but I guess so
17:00 < Olipro> then no, it's not
17:00 < Araluccl0> hmm
17:00 < Olipro> so your MASQUERADE rule is incorrect
17:00 < Araluccl0> oh
17:01 < Araluccl0> ...you could be absolute right...
17:01 < Olipro> iptables -t nat -D POSTROUTING 1
17:01 < Araluccl0> silly me
17:01 <@krzee> Olipro++
17:01 < Olipro> iptables -t nat -A POSTROUTING -o venet0 -s 10.8.0.0/24 -j MASQUERADE
17:02 < Araluccl0> yes.. that was probably a big mistake... can I try to reconnect the client now...
17:02 < Araluccl0> if I get disconnected... dont worry..ill come back :)
17:03 < Olipro> sure
17:03 < Olipro> I'd suggest not redirecting routes
17:03 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn
17:03 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
17:04 < Araluccl1> hehe... I guess it doesnt work.. but it was my error to correct for sure
17:04 < Araluccl1> I checked while connected... I can ping server from client and vice versa
17:05 < Araluccl1> I can ping public ip from server...but not from client...
BUT from server ping -I tap0 doesnt work
17:06 < Araluccl1> ping -I tap0 8.8.8.8
17:06 < Araluccl1> PING 8.8.8.8 (8.8.8.8) from 10.8.0.1 tap0: 56(84) bytes of data.
17:06 < Araluccl1> doesnt work
17:07 < Araluccl1> ping -I venet0 8.8.8.8
17:07 < Araluccl1> PING 8.8.8.8 (8.8.8.8) from 216.231.135.109 venet0: 56(84) bytes of data.
17:07 < Araluccl1> 64 bytes from 8.8.8.8: icmp_req=1 ttl=55 time=23.6 ms
17:07 < Araluccl1> this one does
17:07 <+EugeneKay> !paste
17:07 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca
17:07 -!- p3rror [~mezgani@41.249.12.201] has joined #openvpn
17:07 < |Mike|> EugeneKay: no need for tbh. Nobody else is chatting :)
17:07 < Araluccl1> sorry if i flooded
17:08 < Araluccl1> but they were less than 5 :)
17:08 <+EugeneKay> DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS
17:08 <+EugeneKay> Wait, that's not the right one.
17:08 < |Mike|> badgerbadger? ;-)
17:08 <+EugeneKay> RAH RAH RAH !FACTOID
17:08 <@krzee> wait is |Mike| setting policy now? lol
17:08 < |Mike|> krzee: yes sir!
17:09 <+EugeneKay> In #git I've gotten into the habit of covertly inserting factoids into the bot, then responding in-channel with said factoid for simple requests.
17:09 <+EugeneKay> Much more fun to make it sound like it's a common, simple thing and urdoinitrong
17:09 < Araluccl1> this is my client.conf if can help http://pastebin.com/kKVb5v1b
17:10 <+EugeneKay> Remind me what the problem is, the start of it is lost in my scrollback
17:11 < Araluccl1> Im trying to route my client traffic thru vpn ip
17:11 < Araluccl1> but if I add push redirect def1 and push dhcp option dns client cant connect to wan
17:11 < Araluccl1> if I add them on the server
17:11 < |Mike|> EugeneKay: haha, that rule is evil :D
17:12 <+EugeneKay> If you do it from the client side, you don't use "push"
17:12 < Araluccl1> nope...
i put both into server.conf 17:13 <+EugeneKay> Looks like you're doing the ifconfig stuff on the client side, rather than server side? 17:13 < Araluccl1> hmm... 17:13 < Araluccl1> I thought it was correct for tap dev... didnt it? 17:13 <+EugeneKay> dev tap is evil and worthy of a firm beating 17:13 < Araluccl1> it worked without redirect directives 17:14 < |Mike|> krzee: does the bot have a quote function? 17:14 < Araluccl1> at this point im openeed to every solution :) 17:14 <+EugeneKay> Textbook solution is to do dev tun, and have server hand out as much of the config as possible 17:15 < Araluccl1> can tun config handle more that a client subnet? 17:15 <+EugeneKay> Sure. 17:15 < Araluccl1> I have more than a client connected to the server 17:15 < Araluccl1> I thought it was a point to point solution :) 17:16 <+EugeneKay> The tun device itself is, but that's what routes are for. 17:16 < Araluccl1> so one server to one client 17:16 <+EugeneKay> As far as the server is concerned, the whole subnet goes down that tun device(and into openvpn). 17:16 <+EugeneKay> From there it's all openvpn's problem. 17:17 < Araluccl1> hmm... well i guess ill have to modify my config... you think my client and server conf need much customizations? 17:17 < Araluccl1> or just dev tun ? 17:17 <+EugeneKay> Switch to dev tun on both ends, drop the ifconfig on the client side, make sure your ifconfig-pool is right on the server side 17:17 < Araluccl1> ok... wait... :) I try 17:18 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out] 17:18 < Araluccl1> i comment these 2 line on client? 17:18 < Araluccl1> ifconfig 10.8.0.3 255.255.255.0 17:18 < Araluccl1> ifconfig-nowarn 17:19 <+EugeneKay> Yup 17:19 <+EugeneKay> You also don't need tls-client, the --client directive already expands to --pull --tls-client 17:20 < Araluccl1> ok... it didnt disconnected me... so worked... 
but whatismyiop shows my providerì's ip 17:20 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 17:21 < Araluccl1> but its a start 17:21 <+EugeneKay> logs from the client connection? 17:22 < Araluccl1> http://pastebin.com/9WRHSPRv 17:22 < Araluccl1> its verb 5 17:23 < Araluccl1> wai..im a stupid.. didnt change dev on cloient...sorry 17:23 <+EugeneKay> "since you are using --dev tap" 17:23 <+EugeneKay> Yeah :-p 17:23 <+EugeneKay> And do you have --route-gateway 10.8.0.1 on the server? 17:24 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 17:25 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 17:25 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 17:26 < Araluccl1> hehe... it lasted not for long... 17:26 < Araluccl1> but it did worked... 17:26 < Araluccl1> this is client log http://pastebin.com/dg3zQkuu 17:27 <+EugeneKay> Not seeing why it died 17:28 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer] 17:28 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 17:28 < Araluccl1> hmm.. it works... but I get disconnected after a few minutes... 17:29 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 17:29 <+EugeneKay> Is it redirecting properly? 17:29 < Araluccl1> yes...whatismyip showed my vps ip 17:29 <+EugeneKay> Good. ;-) 17:29 < Araluccl1> but it lasts less than 1 minute :) 17:30 <+EugeneKay> That's probably a stateful firewall problem 17:30 < Araluccl1> client side or server side 17:30 < Araluccl1> ? 17:30 <+EugeneKay> Depends. Where are you? 
17:30 < Araluccl1> home :D
17:30 <+EugeneKay> I mean, ISP/Geographically
17:30 < Araluccl1> im in italy
17:31 < Araluccl1> vps is usa
17:31 < Araluccl1> I need it for HULU :)
17:31 <+EugeneKay> I don't think Italy has any funky int'l firewall stuff, but I've been wrong before
17:31 < Olipro> they don't
17:31 < Olipro> also, hi, I'm back, how far have you gotten
17:31 < Araluccl1> im pretty sure we dont have
17:31 <+EugeneKay> It's redirecting properly now, but it's dropping the connection
17:31 < Olipro> you don't, as much of a dick as Berlusconi was, you're still part of the EU
17:31 < Araluccl1> I switched from tap to tun
17:32 < Araluccl1> and now everything seems to work... (thanks to EugeneKay) but...I got disconnected
17:32 <+EugeneKay> I wanna say try TCP, see if it works any better
17:32 < Araluccl1> whatismyip shows vpn ip..but after a minute...connection drops
17:32 < Olipro> TCP in TCP is The Worst.
17:32 < Araluccl1> cool..wait...
17:32 < Araluccl1> oh
17:32 < Olipro> even without Nagle
17:32 <+EugeneKay> Yes, yes, I know. But "the worst" is better than "not at all"
17:32 < Araluccl1> i can try...wait
17:33 <+EugeneKay> If you want a lighter-weight whatismyip, I recommend http://util.khresear.ch/myip
17:33 <@vpnHelper> Title: What is my IP? (at util.khresear.ch)
17:33 < Olipro> what's wrong with ip4.me
17:33 <+EugeneKay> It doesn't give you the full reverse DNS and forward addresses for your reverse. :-p
17:34 < Olipro> good point
17:34 <+EugeneKay> I should improve the API of that, give JSON as an option
17:35 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn
17:35 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
17:36 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn
17:36 < Araluccl1> nope..it didnt work... :)
17:36 < Araluccl1> its a pity...cause everything seemed to work fine
17:37 < Olipro> sounds like the firewall issue is one of your endpoints
17:38 <+EugeneKay> Yup, and I'm not getting paid enough to debug firewalls. :-p
17:38 <+EugeneKay> Play with nmap.
17:38 < Araluccl1> oh... wait... I had a openvpn client launched on my openwtroute too with older tap config..maybe it screwed up...
17:38 <+EugeneKay> Very likely.
17:38 < Araluccl1> i stopped now
17:38 < Araluccl1> :) i retry...
17:38 <+EugeneKay> If you look at the server log, it'll probably complain about duplicate clients
17:39 <+EugeneKay> Which describes exactly that issue.
17:39 -!- win5hit [~Winshit@HSI-KBW-46-223-5-242.hsi.kabel-badenwuerttemberg.de] has joined #openvpn
17:39 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds]
17:40 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn
17:40 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
17:41 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn
17:41 < Araluccl1> :) that sucks...
17:41 < win5hit> can somebody explain to me how the client certificate is checked during the authentication process? like some data is signed with the clientcert and sent to the server....
17:42 < Araluccl1> 69.93:2128 MULTI: bad source address from client [192.168.1.5], packet dropped
17:42 <+EugeneKay> !pki
17:42 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Heres a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that eachother were signed by the right ca.key. Optionally, the client also checks that the server cert was
17:42 <@vpnHelper> signed specially as a server (see !servercert)
17:42 < Araluccl1> this one?
17:42 <+EugeneKay> No, that's just a weird error.
17:42 <@krzee> hey Araluccl, why you using tap anyways?
17:42 <+EugeneKay> krzee - he isn't anymore :-p
17:43 <@krzee> ahh nice
17:43 < Araluccl1> cause I thought tun was point to point connection
17:43 < Araluccl1> and I have different clients
17:43 < Araluccl1> http://pastebin.com/7b5VMqhX this is my server log
17:43 < Araluccl1> bad source...
17:44 < Araluccl1> (im 192.168.1.5)
17:44 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds]
17:44 < Araluccl1> I guess its a config issue
17:44 <@krzee> weird
17:45 <@krzee> ive seen this before
17:45 <@krzee> never figured out the issue tho
17:45 < Araluccl1> hehe... lucky me
17:45 <@krzee> where it sends packets over tun even tho it uses src address of eth0
17:45 <@krzee> whereas it should use src of tun0
17:45 <@krzee> is the client ALWAYS 192.168.1.x?
17:45 <@krzee> or is it a laptop or something...?
17:46 < Araluccl1> well... nope... I also have a 10.51.0.0 at work
17:46 < Araluccl1> and in fact I guess now its turned on trying to connect to a rap server :)
17:46 < Araluccl1> tap
17:47 < Araluccl1> oh..and I have a client on my android cell too :)
17:47 < Araluccl1> but its not turned off i guess
17:47 < Araluccl1> not = now
17:48 < Araluccl1> maybe all those float and other client directives?
17:48 < Araluccl1> I could try a trial and figure comments but i have no clue :)
17:49 < Araluccl1> now I try to comment push redirect on server and check if I disconnect again
17:50 < Araluccl1> im still here...
17:51 <@vpnHelper> RSS Update - forum: Build own Installer
17:51 < Araluccl1> so I guess... push "redirect-gateway def1" and / or push "dhcp-option DNS 10.8.0.1" are the guilties
17:52 < Araluccl1> those are the only ones I commented
17:52 <@krzee> heh
17:52 <@krzee> well ya
17:52 <@krzee> you arent redirecting your route to go through your vpn
17:53 <@krzee> so while it doesnt disconnect, it also doesnt access the inet through your vpn
17:53 < Araluccl1> hmm
17:53 -!- win5hit [~Winshit@HSI-KBW-46-223-5-242.hsi.kabel-badenwuerttemberg.de] has quit [Quit: Leaving.]
17:53 < Araluccl1> I didnt get it...
17:53 <@krzee> is your dns server listening on 10.8.0.1?
17:53 < Araluccl1> im sorry :)
17:53 < Araluccl1> on my vps dns servers are 8.8.8.8 and 8.8.4.4
17:54 <@krzee> your client and server are BOTH on tun now, right?
17:54 < Araluccl1> yes
17:54 <@krzee> so do you have a dns server listening on 10.8.0.1?
17:55 < Araluccl1> hmm... what do you mean with listening... i can see 2 ones into resolve.conf :)
17:55 < Araluccl1> (really newbie... im so ashamed :D )
17:56 <@krzee> push "dhcp-option DNS 10.8.0.1"
17:56 < Araluccl1> thank god mom cant see me now...
17:56 <@krzee> if you arent running a NS on 10.8.0.1, thats bad
17:56 < Araluccl1> oh...
17:56 < Araluccl1> so the ones into resolve.conf arent good?
17:56 < Araluccl1> I can ping public sites from ps so I thought they worked fine
17:57 < Araluccl1> vps
17:57 < Araluccl1> btw what do you suggest? :)
17:58 < Araluccl1> I can uncomment redirect gateway and leave dns push commented?
18:02 < Araluccl1> I tried... it doesnt disconnect but doesnt redirect either...
18:03 <@krzee> im saying pushing 10.8.0.1 is no good
18:03 <@krzee> that tells the client to make that his dns server
18:03 <@krzee> but theres no server running there
18:04 < Araluccl1> I see
18:04 < Araluccl1> but without it it doesnt redirect traffic
18:04 -!- Denial [Denial@drgi.co.uk] has quit []
18:04 < Araluccl1> the solution is run a dns server on vps?
18:04 <@krzee> and it works with it?
18:04 <@krzee> no, the solution is to put a real nameserver there if you wanna push a nameserver
18:04 < Araluccl1> it works but gets disconnected after a minute or so
18:05 <@krzee> like 8.8.8.8 for example
18:05 < Araluccl1> ah...ok... I try
18:06 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn
18:07 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
18:07 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn
18:08 < Araluccl1> nope... even with push "dhcp-option DNS 8.8.8.8" ...i disconnect
18:11 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds]
18:13 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn
18:15 < Araluccl0> im using this now push "redirect-gateway def1 bypass-dhcp" + push dhcp dns option... and didnt disconnect yet...
18:17 < Araluccl0> I think it works... no idea what it does...
18:17 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds]
18:17 < Araluccl0> but I think it works...
18:19 < Araluccl0> well..it works... I don't know how to thank you all ...really :)
18:20 < Araluccl0> Araluccl0 is connecting from *@216.231.135.109 :) ...its 1.20 am here...i guess ill go to sleep
18:21 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn
18:25 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds]
18:31 <@vpnHelper> RSS Update - forum: one Public IP => multiple VLANs (one per department)
18:32 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn
18:32 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
18:36 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn
18:36 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
18:41 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has joined #openvpn
18:47 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Quit: Rolybrau]
18:49 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
18:49 -!- caemir [~caemir@unaffiliated/caemir] has quit [Excess Flood]
18:50 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Client Quit]
18:51 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn
18:51 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
18:53 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
19:01 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn
19:01 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
19:01 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn
19:06 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds]
19:10 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds]
19:11 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn
19:11 -!- newl [~newl@97.75.165.156] has joined #openvpn
19:11 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn
19:13 -!- cconstantine_ [~cconstant@173.247.200.5] has joined #openvpn
19:15 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds]
19:17 < cconstantine_> hey all. I'm installing my first openvpn setup, and I appear to have hit a snag. I have the server running (debian 6.0), and a client (MacOSX lion using tunnelblick) connected with a TUN. The server has an internal network of 10.182.x.x, and I can ssh from the client to the server's 10.182.x.x ip (eth1's ip), but I can't seem to get it to ssh to other machines in the server's subnet. Could someone help me out?
19:19 < cconstantine_> the how to says to "Make sure that you've enabled IP and TUN/TAP forwarding on the OpenVPN server machine.". I've enabled ip forwarding, but I don't know how to enable TUN forwarding and the FAQ doesn't seem to cover it
19:26 <@vpnHelper> RSS Update - forum: openvpn not forwarding traffic to tap0
19:26 -!- tekzilla [~jon@hmbg-4d06cd90.pool.mediaWays.net] has quit [Ping timeout: 252 seconds]
19:28 -!- tekzilla [~jon@hmbg-4d06cc62.pool.mediaWays.net] has joined #openvpn
19:35 -!- Gravitron [~admin@64.93.224.120] has joined #openvpn
19:35 -!- Gravitron [~admin@64.93.224.120] has quit [Changing host]
19:35 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
19:50 -!- _julian_ [~quassel@hmbg-5f76763a.pool.mediaWays.net] has joined #openvpn
19:54 -!- _julian [~quassel@hmbg-4d06c380.pool.mediaWays.net] has quit [Ping timeout: 252 seconds]
19:54 < cconstantine_> Haza! I got it: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o -j MASQUERADE
20:00 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn
20:06 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn
20:06 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds]
20:08 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN
20:22 -!- gremly [~gremly@200.106.218.64] has joined #openvpn
20:24 < rob0> !route
20:24 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide
20:24 < rob0> cconstantine_, ^^ the right answer. NAT makes it partially work, but routing is the real way.
20:38 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server
20:50 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN
20:58 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn
21:10 * WebDawg http://wordpress.org/extend/plugins/sopa-strike/
21:10 <@vpnHelper> Title: WordPress SOPA Strike « WordPress Plugins (at wordpress.org)
21:10 <+EugeneKay> Cool story bro.
21:12 -!- newl [~newl@97.75.165.156] has left #openvpn []
21:15 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6]
21:18 -!- hkais1 [~xenoadmin@stgt-5f700db2.pool.mediaWays.net] has joined #openvpn
21:21 -!- hkais [~xenoadmin@stgt-5f701ab1.pool.mediaWays.net] has quit [Ping timeout: 252 seconds]
21:27 < jeev> in order for the strike banner to work, it needs to be done for more than a day.
21:29 -!- Guest11006 [SkyNet-200@gateway/shell/trekweb.org/x-jtbslgsopdmxqotx] has left #openvpn []
21:32 -!- corretico [~luis@190.211.93.11] has joined #openvpn
21:32 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server
21:53 -!- coolstar-pc [4cfd0338@gateway/web/freenode/ip.76.253.3.56] has joined #openvpn
21:54 < coolstar-pc> !welcome
21:54 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
21:54 < coolstar-pc> How do I use openvpn with a custom vpn server?
21:56 -!- MeanderingCode_ [~Meanderin@97-123-15-175.albq.qwest.net] has joined #openvpn
21:57 -!- MeanderingCode [~Meanderin@97-123-15-175.albq.qwest.net] has quit [Ping timeout: 252 seconds]
22:01 -!- futurestack [~o_o@unaffiliated/futurestack] has quit [Ping timeout: 255 seconds]
22:01 <+EugeneKay> !howto
22:01 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror
22:02 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server
22:09 -!- futurestack [~o_o@unaffiliated/futurestack] has joined #openvpn
22:13 -!- ponyofdeath [~vladi@cpe-75-80-175-217.san.res.rr.com] has quit [Quit: leaving]
22:13 -!- futurestack [~o_o@unaffiliated/futurestack] has quit [Ping timeout: 240 seconds]
22:16 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
22:17 -!- futurestack [~o_o@unaffiliated/futurestack] has joined #openvpn
22:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
22:29 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn
23:03 < Autoeth> i need someone that has actually setup a bridged openvpn server anyone in here right now ?
23:04 < Autoeth> sorry on linux OS ?
23:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:24 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
23:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:45 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
23:49 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has joined #openvpn
23:50 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn
--- Day changed Wed Jan 18 2012
00:16 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets
00:22 <@vpnHelper> RSS Update - forum: [SOLVED] Accessing OpenVPN server from its public IP
00:28 <@vpnHelper> RSS Update - forum: [SOLVED] Accessing OpenVPN server from its public IP || Static IP Windows Please
00:33 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:36 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:52 <@vpnHelper> RSS Update - forum: redirect traffic to tunnel of one out of 2 network adapter
00:59 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has quit [Ping timeout: 240 seconds]
01:09 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 276 seconds]
01:16 -!- Netsplit *.net <-> *.split quits: wedge_, johnny_be_yell-1, Essobi, _julian_, dioz, Gravitro_, cconstantine_, bauruine, ScriptFanix, JoeK
01:18 -!- Netsplit over, joins: ScriptFanix, Gravitro_, _julian_, cconstantine_, bauruine, dioz, Essobi, wedge_, johnny_be_yell-1, JoeK
01:27 -!- hkais1 [~xenoadmin@stgt-5f700db2.pool.mediaWays.net] has quit [Ping timeout: 252 seconds]
01:52 <@vpnHelper> RSS Update - forum: OpenVPN Management kill cn of the flowchart
01:57 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day]
02:00 -!- pwrcycle [~pwrcycle@unaffiliated/pwrcycle] has quit [Ping timeout: 276 seconds]
02:10 <@vpnHelper> RSS Update - forum: username-as-common-nameNot sensitive to big or small letters
02:11 -!- Nebukadneza [~Nebukadne@h1749472.stratoserver.net] has left #openvpn []
02:21 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has joined #openvpn
02:22 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has quit [Ping timeout: 252 seconds]
02:23 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn
02:25 -!- p3rror [~mezgani@41.249.12.201] has quit [Read error: Operation timed out]
02:28 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn
02:28 <@vpnHelper> RSS Update - forum: any way to have log of users??
02:40 <@vpnHelper> RSS Update - forum: Static IP Windows Please || I cannot get my openvpn client to connect to the server
02:46 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds]
02:46 <@vpnHelper> RSS Update - forum: any way to have log of users?? || Routing Client Traffic Through The Server
02:52 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets || redirect traffic to tunnel of one out of 2 network adapter
02:55 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn
02:58 -!- dazo_afk is now known as dazo
02:59 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
03:14 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
03:15 -!- colopolo [5f86f74e@gateway/web/freenode/ip.95.134.247.78] has joined #openvpn
03:16 -!- mocas_ [~mocas@87-196-121-73.net.novis.pt] has quit [Ping timeout: 240 seconds]
03:16 < colopolo> Hi all
03:17 < colopolo> How can I get list of currently connected clients to my ovpn server?
03:21 -!- seekr [~Foo@209-6-86-244.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com] has joined #openvpn
03:21 <@dazo> colopolo: three ways: 1) look at log files, 2) enable --status file, and/or 3) enable --management
03:22 <@dazo> !man
03:22 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend!
03:22 -!- seekr [~Foo@209-6-86-244.c3-0.smr-ubr2.sbo-smr.ma.cable.rcn.com] has left #openvpn []
03:23 <@dazo> well, there's another approach as well ... using --client-connect/--client-disconnect and/or --learn-address script hooks, or writing a plug-in in C which is loaded via --plugin
03:23 <@dazo> (it all depends on how advanced you want to be)
03:25 < colopolo> looks hooks is a way to go for me
03:25 < colopolo> Thanks!
03:26 <@dazo> you're welcome!
03:27 < hyper_ch> hi dazo
03:27 <@dazo> hey!
03:29 < hyper_ch> dazo: you read gizmodo sometimes?
03:30 <@dazo> seldom
03:30 <@dazo> (mostly due to too little time :))
03:31 < hyper_ch> dazo: I just wonder, does it take for you also a long time until a gizmodo article becomes "responsive"?
03:31 <@dazo> I'd have to test it out now
03:31 < hyper_ch> there seems to be so many things being loaded that at first it's not responsive at all
03:31 < hyper_ch> e.g. http://gizmodo.com/5877084/why-android-handsets-are-bigger-than-the-iphone
03:31 <@vpnHelper> Title: Why Android Handsets are Bigger Than the iPhone (at gizmodo.com)
03:32 <@dazo> The page loads and is viewed quickly, but continues to load something afterwards ...
03:32 < hyper_ch> but can you scroll down while it's still loading other things?
03:32 <@dazo> I can scroll
03:33 <@dazo> (to a complete bottom even)
03:33 < hyper_ch> while it loads other stuff? hmmm
03:33 < hyper_ch> Firefox?
03:33 <@dazo> yupp ... latest which arrived Fedora 14
03:33 <@dazo> 3.6.34
03:34 < hyper_ch> I think I'll have to remove my FF profile
03:35 < hyper_ch> thx for testing
03:37 -!- colopolo [5f86f74e@gateway/web/freenode/ip.95.134.247.78] has quit [Ping timeout: 258 seconds]
03:37 <@vpnHelper> RSS Update - forum: TFTP not working once connected through open vpn || getting an open NAT in residence
03:37 <@dazo> SOPA/PIPA protests have really gotten started now ...
03:41 -!- coolstar-pc [4cfd0338@gateway/web/freenode/ip.76.253.3.56] has quit [Quit: Good Night Everyone]
03:44 <@dazo> http://www.osnews.com/ .... that's a cool approach ...
03:50 <@vpnHelper> RSS Update - forum: TFTP not working once connected through open vpn
03:53 -!- SigmaProjects [~SigmaProj@cpe-66-75-87-13.socal.res.rr.com] has quit [Ping timeout: 240 seconds]
03:56 <@vpnHelper> RSS Update - forum: any way to have log of users?? || username-as-common-nameNot sensitive to big or small letters
04:08 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN
04:10 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Quit: nonotza]
04:23 -!- master_of_master [~master_of@p57B52184.dip.t-dialin.net] has quit [Ping timeout: 252 seconds]
04:24 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn
04:24 -!- master_of_master [~master_of@p57B55B13.dip.t-dialin.net] has joined #openvpn
04:26 <@vpnHelper> RSS Update - forum: any way to have log of users??
04:29 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn
04:32 <@vpnHelper> RSS Update - forum: any way to have log of users??
04:50 <@vpnHelper> RSS Update - forum: any way to have log of users??
05:08 <@vpnHelper> RSS Update - forum: TFTP not working once connected through open vpn
05:14 <@vpnHelper> RSS Update - forum: TFTP not working once connected through open vpn
05:46 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn
05:47 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Read error: Connection reset by peer]
05:48 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn
05:51 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds]
06:16 -!- pwrcycle [~pwrcycle@173.214.160.92] has joined #openvpn
06:32 <@vpnHelper> RSS Update - forum: connected via VPN, but having access errors
06:38 <@vpnHelper> RSS Update - forum: connected via VPN, but having access errors
06:39 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 260 seconds]
06:40 -!- dimir [~dimir@dimir.eu] has joined #openvpn
06:40 < dimir> hello there.
06:42 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn
06:42 < dimir> I'm thinking to deploy OpenVPN. Our needs are pretty standard except that we would like to authenticate users via AD. I was checking for LDAP auth support in OpenVPN and I found out it. But I could not find answer to this question: Can I specify which LDAP object (user/group) is allowed to use OpenVPN service?
06:44 <@vpnHelper> RSS Update - forum: username-as-common-nameNot sensitive to big or small letters
06:46 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
06:46 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Client Quit]
06:50 <@vpnHelper> RSS Update - forum: any way to have log of users?? || connected via VPN, but having access errors
06:50 <@dazo> dimir: is it this one you've found? http://redmine.debuntu.org/projects/openvpn-ldap-auth/wiki#LDAP-plugin-configuration
06:50 <@vpnHelper> Title: openvpn-ldap-auth - Wiki - Redmine@Debuntu (at redmine.debuntu.org)
06:51 < dimir> dazo: no, this one: http://openvpn.net/index.php/access-server/docs/admin-guides/190-how-to-authenticate-users-with-active-directory.html :-D
06:52 <@vpnHelper> Title: How to authenticate users with Active Directory (at openvpn.net)
06:52 <@dazo> dimir: that's Access Server .... not the community version we support
06:52 <@dazo> !as
06:52 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server
06:52 < dimir> oh.
06:52 < dimir> I see.
06:53 < dimir> I was looking for community version actually. So you mean community version does not have this web management UI?
06:53 <@dazo> correct
06:53 < dimir> dang
06:53 <@dazo> (OpenVPN AS uses the same community openvpn core under the hood, but they've wrapped it in with a webUI
06:54 < dimir> Oh.
06:54 <@dazo> (well, AS uses a OpenVPN v2.1 core)
06:54 < dimir> Good then.
06:54 < dimir> I basically do not care that much about the UI. But I'd like to know if I can select which LDAP object can use the service.
06:55 <@dazo> I don't know enough about LDAP (yet), but I believe the first pointer I gave you should be able to tackle that ... however, I don't know if that's been tested against AD LDAP for auth
06:56 <@dazo> chantra (who is the developer of that plug-in) might know better
06:56 <@vpnHelper> RSS Update - forum: connected via VPN, but having access errors
07:02 < dimir> dazo: I see, thanks.
07:02 < dimir> dazo: It shouldn't be hard to add such a filter in theory so maybe I could contribute a bit in that sense.
07:03 <@dazo> cool!
07:06 < dimir> :-)
07:08 < dimir> dazo: I guess this is how the one would start https://community.openvpn.net/openvpn/wiki/Contributing ?
07:08 <@vpnHelper> Title: Contributing – OpenVPN Community (at community.openvpn.net)
07:09 <@dazo> dimir: yeah, generally ... even though that's mostly aimed towards the core OpenVPN part ... the LDAP support is an external project which chantra is in the lead of, so I don't know if he has his own ways there
07:10 < dimir> dazo: oh, I see!
07:10 <@dazo> OpenVPN is incredibly flexible, so it's easy to put on extra stuffing on top
07:11 * dazo also got his own OpenVPN project on the side as well, which also does authentication stuff
07:11 < dimir> chantra: Hi there. Could you tell me if LDAP authentication supports filter, that is I'd like to select which LDAP object (user/group) is allowed to use VPN service?
07:11 <@dazo> !eurephia
07:11 <@vpnHelper> "eurephia" is http://www.eurephia.net/
07:11 <@dazo> (not LDAP support there, yet, but I'm planning on it)
07:12 < dimir> Nice.
07:18 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving]
07:21 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn
07:31 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has joined #openvpn
07:43 -!- nonotza [~nonotza@cpe-72-225-173-7.nyc.res.rr.com] has quit [Quit: nonotza]
07:54 -!- koaschten_ [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn
07:56 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 252 seconds]
07:59 -!- n3wb13 [~newbie@83.149.126.31] has joined #openvpn
07:59 -!- krzie [nobody@openvpn/community/support/krzee] has joined #openvpn
08:03 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn
08:06 -!- n3wb13 [~newbie@83.149.126.31] has left #openvpn ["Leaving"]
08:07 -!- krzie [nobody@openvpn/community/support/krzee] has quit [Ping timeout: 244 seconds]
08:08 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN
08:18 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn
08:21 -!- Tixos [~sg@95.140.125.31] has joined #openvpn
08:27 <@vpnHelper> RSS Update - forum: Give users access to different individual private networks || Internet Speed with and without OpenVPN
09:03 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 240 seconds]
09:07 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has joined #openvpn
09:08 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Ping timeout: 248 seconds]
09:24 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
09:28 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
09:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
09:39 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN
09:41 -!- cjs226 [~cjs226@99-61-65-242.lightspeed.austtx.sbcglobal.net] has quit []
09:46 -!- APTX [APTX@unaffiliated/aptx] has quit [Quit: No Ping reply in 180 seconds.]
09:48 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 276 seconds] 09:49 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn 09:49 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host] 09:49 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 09:49 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 09:51 <@vpnHelper> RSS Update - forum: openvpn not forwarding traffic to tap0 [SOLVED] 09:55 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 252 seconds] 09:57 <@vpnHelper> RSS Update - forum: Testing environment || openvpn not forwarding traffic to tap0 [SOLVED] 10:03 <@vpnHelper> RSS Update - forum: Windows 7 User Account Control Warning on each boot up? 10:11 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:13 -!- MarKsaitis_ [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 10:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:31 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Ping timeout: 244 seconds] 10:35 -!- treund [~treund@97.75.177.42] has joined #openvpn 10:39 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 10:42 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 10:46 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 10:46 -!- mode/#openvpn [+v s7r] by ChanServ 10:47 <+s7r> wow 2.2.2 release many thanks to all developers!!! 10:48 <+s7r> full ipv6 support krzee dazo 10:48 <+s7r> ? 10:48 <@dazo> s7r: nope ... that's in 2.3 10:48 <@dazo> 2.2.x have a IPv6 enabled TUN/TAP driver for Windows 10:49 <+s7r> ah, ok 10:49 <@dazo> (never new features in minor updates .... at least not on my shift) 10:49 <+s7r> i will read changelog now 10:49 <+s7r> so basically 2.2.2 has minor improvements against 2.2.1 10:49 <+s7r> new features only in major release, such as 2.3 ? 
10:50 <@dazo> bugfixes, security fixes and such likes, that's minor releases 10:50 <@dazo> and yeah, new features only in major releases, as 2.3 will be 10:51 <@vpnHelper> RSS Update - forum: Windows 7 User Account Control Warning on each boot up? 10:57 -!- tekoholic [~quassel@97-118-207-247.hlrn.qwest.net] has joined #openvpn 11:01 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 252 seconds] 11:01 -!- dazo is now known as dazo_afk 11:03 -!- krzee [krzee@openvpn/community/support/krzee] has quit [Ping timeout: 252 seconds] 11:09 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 11:11 -!- Tixos [~sg@95.140.125.31] has quit [Quit: Leaving.] 11:13 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 11:15 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 11:25 -!- treund [~treund@97.75.177.42] has left #openvpn [] 11:27 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds] 11:33 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 11:34 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has quit [Quit: jIRCii - http://www.oldschoolirc.com] 11:40 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Max SendQ exceeded] 11:41 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 11:42 -!- koaschten_ is now known as koaschten 11:49 -!- c1de0x [~c1de0x@208.111.44.254] has quit [Ping timeout: 252 seconds] 12:03 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 248 seconds] 12:10 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets 12:13 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 12:17 -!- rasyid7 [~3333@69.163.36.67] has quit [Read error: Connection reset by peer] 12:17 -!- rasyid7 [~3333@69.163.36.67] has joined #openvpn 12:18 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 12:18 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 12:22 -!- 
JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 12:24 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 12:32 -!- rasyid7 [~3333@69.163.36.67] has quit [Ping timeout: 272 seconds] 12:36 -!- mikmu [~chatzilla@24.114.223.218] has joined #openvpn 12:37 < mikmu> Hey there, quick question. I have a Peer-to-Peer SSL tunnel between two routers (PFSense and DD-WRT). The tunnel is up and running. Routers on each end can access the other's network, but workstations cannot send traffic through the tunnel 12:38 < mikmu> Do we have to manually add routes on the workstations? Site A is 10.0.0.0/24 and B is 10.10.1.0/24, routing through 10.99.1.0/24 12:39 < mikmu> Router at site B, 10.10.1.1 can access any resource on the entire 10.0.0.0/24 network 12:39 < mikmu> But computers on Site B router can not ping or access services such as SMTP or ssh 12:40 < mikmu> And, router on site A cannot access SSH on router site B 12:41 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 12:45 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 12:48 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 12:48 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 12:52 < rob0> !route 12:52 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 12:52 < rob0> Each side has to know how to reach the other. 
12:57 < mikmu> Hi rob0 12:57 < mikmu> I'll read the documents, I was adding routes directly on the windows PC with no success, as I didn't figure that it could be pushed from the router configuration 12:58 < mikmu> Since the PCs do not have any openVPN software on them 12:58 < mikmu> But I'll check with the openvpn configuration to see what I'll pick up. Thanks 13:03 < rob0> yw 13:04 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 258 seconds] 13:11 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 244 seconds] 13:24 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [Ping timeout: 240 seconds] 13:29 < mikmu> hmm, may be problems with the implementation of openvpn on dd-wrt. I get ERROR: Linux route add command failed: external program exited with error status: 255 13:30 < mikmu> I seem to be able to add them by hand though 13:53 < Essobi> Does openvpn ever update a CCD file while running? 13:53 < Essobi> As in openvpn itself writing to the files, perhaps when a valid user connects? 13:58 < ecrist> no 13:59 < ecrist> CCD is never written to directly by openvpn 14:02 <@vpnHelper> RSS Update - forum: I cannot get my openvpn client to connect to the server 14:08 < Essobi> ecrist: Hmm.. Then I have a rogue SVN or some other processes updating these damned things. 14:08 < jeev> rob0. 14:08 < ecrist> perhaps, but openvpn doesn't update them. the atime of the file will be updated, generally by a system call to fopen() but not by openvpn directly. 14:09 < Essobi> tail -F MyUserName ; echo '#test' >> MyUserName ..... I connect to the VPN, and I see, "MyUserName has truncated" and the #test is gone. My CCD is only 1 line long to begin with... 14:09 < Essobi> But it only seems to happen when I connect... which I find odd. 14:09 < Essobi> ls -lart shows the same... ccd's being updated everytime someone connects. 
14:10 < ecrist> !config 14:10 <@vpnHelper> (config []) -- If is given, sets the value of to . Otherwise, returns the current value of . You may omit the leading "supybot." in the name if you so choose. 14:10 < ecrist> !configs 14:10 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 14:11 < Essobi> Well... I'll wait till I can down the server. Just seems odd I can't do an atomic update on these files while openvpn is running, and I didn't expect it to be by design. 14:11 < Essobi> IIRC, this is an old version. 14:11 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn 14:12 < Essobi> Ah, 2.1.1. 14:14 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 14:14 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 14:14 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 14:14 -!- mode/#openvpn [+v Axeman] by ChanServ 14:19 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 14:20 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 14:22 < Autoeth> anyone here that has actually setup a bridged openvpn server i did a lot of reading, but have some questions before i even attempt this ? 14:25 < mikmu> rob0: Thanks for the routing pointer. Got things up and running. Was definitely missing quite a bit of configuration. The routes, client-to-client and ccd files fixed things up. Thanks! 14:26 < ecrist> Autoeth: I run a bridged network. 14:28 < Autoeth> ecrist : cool can you clarify an overview of my statement. So my understanding is i setup a bridge to my internal network card and add a tap interface to that bridge so openvpn server can get to it. It also says that you might have problems creating a bridge upon bootup this is linux i am talking about. Or can you explain that overview ? 
14:28 < rob0> mikmu, awesome, good to hear it, and congrats. 14:28 < ecrist> Autoeth: sounds about right. I'm a freebsd/mac os guy, so I can't tell you shit about that toy operating system you use. :P 14:29 < Autoeth> ecrist : lol ok can anyone else comment on that ? 14:30 < ecrist> I don't have problems creating it on boot on freebsd 14:31 < ecrist> given OS X is almost freebsd, I doubt I'd have problems there, either. 14:32 < ecrist> that being said, I'm sure anyone that knew what they were doing could do it on linux 14:32 < Autoeth> so you make the bridge and your dhcp server issues your tap an ip address ? 14:32 < Autoeth> all upon boot up ? 14:33 < ecrist> not quite 14:33 < ecrist> we statically assign our VPN a range inside a larger /16 subnet 14:34 < ecrist> we create a tap0 interface, bridge that with em0, and em0 has a static IP on the /16 subnet 14:34 < Autoeth> ok yah i guess i should have clarified better i would understand the part of static ips i guess i was trying to understand the overview of what actually happens in a dhcp sense. 14:36 < Autoeth> cause in the static mode you're talking about your clients would also have to set their ip static in that range as well if you configure it that way. Would that be a correct statement. 14:36 < ecrist> no 14:36 < ecrist> I use openvpn to assign IPs to a /24 inside a /16 14:36 -!- mikmu [~chatzilla@24.114.223.218] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 14:37 < Autoeth> in that sense you would only have the option for openvpn to issue that one range that comes standard with openvpn server. How about that statement ? 14:38 < Autoeth> i think its like 192.168.x.x or something in that nature. 14:38 < ecrist> there is no 'range that comes standard' with openvpn 14:39 < ecrist> I think you should try reading the man page. 14:41 < Autoeth> what option would i be looking for in the man page ? 14:41 < Autoeth> where openvpn issues the dhcp clients addresses. 
14:42 < ecrist> heh, the one where you think openvpn comes with an IP range 14:44 < Autoeth> ifconfig-pool is that the one you use ? 14:45 < ecrist> look for --server-bridge 14:46 < Autoeth> ok my understanding of server-bridge just opens that range to use as a bridge ,but doesn't force openvpn to issue dhcp clients an address in a certain range. 14:46 < ecrist> it doesn't, but can 14:46 < ecrist> try reading further 14:46 < ecrist> you *can* assign IPs from a separate DHCP server 14:48 < Autoeth> ok yah thats what i am trying to do i understood that part with the server-bridge allowing that open so a seperate dhcp server can assign them. 14:49 * ecrist goes away 14:50 < Autoeth> open =option 14:51 < Autoeth> then was trying to figure out what i problems that i have read on openvpn about making a bridge and tap on linux and it not booting up correctly thats why i wanted someone that had experienced that in linux. 14:58 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has quit [Quit: switching servers] 15:01 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 15:02 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has joined #openvpn 15:15 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn 15:42 -!- hkais [~xenoadmin@stgt-5f700db2.pool.mediaWays.net] has joined #openvpn 15:56 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 15:56 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 15:56 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 15:58 < hyper_ch> good evening 16:01 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN 16:07 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 16:09 -!- rasyid7 [~3333@183.78.21.183] has joined #openvpn 16:09 -!- rasyid7 [~3333@183.78.21.183] has quit [Client Quit] 16:11 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 16:12 -!- krzee [nobody@openvpn/community/support/krzee] 
has quit [Quit: This computer has gone to sleep] 16:14 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 16:14 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 16:14 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 16:14 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 16:15 -!- hkais [~xenoadmin@stgt-5f700db2.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 16:15 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 16:17 -!- meepmeep [meepmeep@there-is-no.endoftheinternet.org] has quit [Ping timeout: 252 seconds] 16:18 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 16:18 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Client Quit] 16:30 -!- Gravitron [~admin@64.93.224.120] has joined #openvpn 16:30 -!- Gravitron [~admin@64.93.224.120] has quit [Changing host] 16:30 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 16:33 -!- MeanderingCode_ [~Meanderin@97-123-15-175.albq.qwest.net] has quit [Read error: Connection reset by peer] 16:33 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Quit: Leaving] 16:33 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 16:35 -!- oc80z [oc80z@blea.ch] has quit [Excess Flood] 16:35 -!- oc80z [oc80z@blea.ch] has joined #openvpn 16:37 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 16:41 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 16:41 <@vpnHelper> RSS Update - forum: Simple connection does not work 16:43 -!- gffa [~gffa@unaffiliated/gffa] has quit [Quit: sleep] 16:45 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 16:47 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 16:50 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 16:58 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 
17:05 <@vpnHelper> RSS Update - forum: Connection works but not all traffic routing even with redir 17:11 <@vpnHelper> RSS Update - forum: I connect but I see the network 17:11 < |Mike|> lol 17:25 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 17:33 -!- Denial [Denial@drgi.co.uk] has quit [Remote host closed the connection] 17:33 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 17:39 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 252 seconds] 17:40 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 17:42 < Essobi> anyone using CCDs mind checking if it updates the file when a user connects? a simple 'ls -lart /etc/openvpn/ccd/' should be enough to confirm if they're updating a lot.. 17:44 < Essobi> I see nothing in my configs that I think would do this... 17:47 -!- Autoeth [~nguyendp0@ip98-165-34-222.ph.ph.cox.net] has left #openvpn [] 17:47 -!- meepmeep [meepmeep@there-is-no.endoftheinternet.org] has joined #openvpn 17:49 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 17:49 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:49 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 17:50 -!- mode/#openvpn [+v Axeman] by ChanServ 17:57 < Essobi> any seen reports of openvpn server wiping out non ifconfig-push lines from ccd/$usernames? 18:01 < Essobi> on/14 18:01 < Essobi> *cough* 18:07 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn ["Leaving"] 18:09 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.] 18:11 <@vpnHelper> RSS Update - forum: What Linux Distro Has OpenVPN Installed? 18:12 < |Mike|> ??! 18:17 <@vpnHelper> RSS Update - forum: Windows 7 User Account Control Warning on each boot up? 
18:50 -!- Denial [Denial@drgi.co.uk] has quit [] 19:00 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has quit [Read error: Operation timed out] 19:03 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn 19:16 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 252 seconds] 19:28 -!- tekzilla [~jon@hmbg-4d06cc62.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 19:30 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has joined #openvpn 19:37 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 19:49 -!- _julian [~quassel@hmbg-5f7609cf.pool.mediaWays.net] has joined #openvpn 19:51 -!- treund [~treund@97.75.177.42] has joined #openvpn 19:52 -!- _julian_ [~quassel@hmbg-5f76763a.pool.mediaWays.net] has quit [Ping timeout: 260 seconds] 20:13 -!- treund [~treund@97.75.177.42] has left #openvpn [] 20:32 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has joined #openvpn 20:38 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has quit [Ping timeout: 260 seconds] 20:40 -!- zalzice [~zalzice@25.79-160-109.customer.lyse.net] has joined #openvpn 21:16 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 21:19 -!- Gravitron [~admin@64.93.226.137] has joined #openvpn 21:19 -!- Gravitron [~admin@64.93.226.137] has quit [Changing host] 21:19 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 21:40 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 21:40 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 245 seconds] 21:41 -!- catsup [d@ps38852.dreamhost.com] has quit [Ping timeout: 240 seconds] 21:47 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 21:50 -!- a [d@ps38852.dreamhost.com] has joined #openvpn 21:50 -!- a is now known as Guest34739 21:55 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 21:59 -!- kokozedman 
[607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 258 seconds] 22:08 -!- dioz [~dioz@2001:470:d:e3::1] has quit [Read error: Connection reset by peer] 22:08 -!- dioz [~dioz@2001:470:d:e3::1] has joined #openvpn 22:08 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has joined #openvpn 22:11 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 22:11 -!- mgorbachi [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 22:13 -!- johnpat [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has joined #openvpn 22:14 -!- johnpat [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has quit [Client Quit] 22:19 <@vpnHelper> RSS Update - forum: Slow CentoOS openvpn client connection to server 22:53 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:56 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has quit [Excess Flood] 22:56 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:58 -!- pwrcycle [~pwrcycle@173.214.160.92] has quit [Changing host] 22:58 -!- pwrcycle [~pwrcycle@unaffiliated/pwrcycle] has joined #openvpn 23:03 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 23:03 -!- vereteran [~vereteran@static.88-198-170-117.clients.your-server.de] has joined #openvpn 23:04 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:09 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:14 -!- catsup [d@ps38852.dreamhost.com] has quit [Quit: leaving] 23:17 -!- Guest34739 [d@ps38852.dreamhost.com] has quit [Quit: Reconnecting] 23:17 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 23:24 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Ping timeout: 240 seconds] 23:24 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:24 <@vpnHelper> RSS Update - forum: Give users access to different 
individual private networks 23:28 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:50 -!- virtuaposta [~suraj@117.195.33.156] has joined #openvpn 23:51 < virtuaposta> Greetings!! 23:52 < virtuaposta> I am trying to authenticate openvpn users through openldap, but while connecting from client, I am getting this in logs : TCP: connect to [AF_INET]xxx.xxx.xxx.xxx:1194 failed, will try again in 5 seconds: Connection refused. Any help please --- Day changed Thu Jan 19 2012 00:03 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 00:04 < kokozedman> hey guys, what is the most common way to shape an OpenVPN server? 00:06 < kokozedman> it seems that the server is sending out data at a much faster, too fast, that at the client ... the speed peaks-out, then goes down, then up and down, and so on 00:06 < kokozedman> when it does down, it really goes down to 0 00:06 < kokozedman> then it ramps back up 00:11 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Quit: Page closed] 00:16 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:21 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:32 -!- l0rd_hex [~rubit_man@S0106000024c61290.ed.shawcable.net] has left #openvpn ["just e to the step, flick it, stick it and cyalatabye!"] 00:47 -!- zeshoem [~zee@108.162.156.19] has joined #openvpn 01:09 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:13 <@vpnHelper> RSS Update - forum: Active directory and user groups 01:15 -!- hkais [~xenoadmin@stgt-4d02e95b.pool.mediaWays.net] has joined #openvpn 01:27 -!- raa [~nag@42.79-160-154.customer.lyse.net] has quit [Read error: Connection reset by peer] 01:28 -!- raa [~nag@42.79-160-154.customer.lyse.net] has joined #openvpn 01:31 -!- 
cconstantine_ is now known as cconstantine 01:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 01:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:43 <@vpnHelper> RSS Update - forum: Give users access to different individual private networks || one Public IP => multiple VLANs (one per department) 01:44 <+EugeneKay> ^^ that guy needs a ccd and some firewall rules 01:46 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds] 01:49 -!- hkais [~xenoadmin@stgt-4d02e95b.pool.mediaWays.net] has left #openvpn ["PART #android-dev :JOIN #postfix-de"] 02:03 < virtuaposta> hi all 02:03 < virtuaposta> ovpn-client: read UDPv4 [ECONNREFUSED]: Connection refused (code=111) 02:03 < virtuaposta> can connect using my conf file but unable to connect via network-manager openvpn setup 02:12 -!- virtuaposta [~suraj@117.195.33.156] has quit [Ping timeout: 248 seconds] 02:13 -!- virtuaposta [~suraj@117.195.33.156] has joined #openvpn 02:36 < Olipro> that would likely be because the network manager setup is different 02:51 -!- jhp [~jhp@zeus.jhprins.org] has quit [Ping timeout: 252 seconds] 03:02 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 03:04 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has quit [Ping timeout: 240 seconds] 03:16 -!- dazo_afk is now known as dazo 03:26 <@vpnHelper> RSS Update - forum: Simple connection does not work 03:33 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN || Routed OpenVPN between two subnets 03:33 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:34 -!- Intensity [6zNDP14Gi1@unaffiliated/intensity] has quit [Ping timeout: 255 seconds] 03:38 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:38 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 03:39 < leno81> My server profider has given me a /64 ipv6 subnet 03:40 < hyper_ch> lucky you :) 03:40 < leno81> how 
do i give connecting clients an ipv6 public ip? 03:40 < hyper_ch> !ipv6 03:40 < leno81> have it running with standard ip4 atm 03:40 <@vpnHelper> "ipv6" is (#1) http://www.greenie.net/ipv6/openvpn.html for ipv6 payload patch (adds some nice ipv6 options) or (#2) see !snapshots for a release with ipv6 patches in it, report how it works to help it get included in a stable release 03:41 < leno81> !snapshots 03:41 <@vpnHelper> "snapshots" is (#1) weekly dev snapshots are available from ftp://ftp.secure-computing.net/pub/openvpn or (#2) by helping test these features, and reporting back on either of the mailing lists, you can help these features become part of the stable branch 03:41 < hyper_ch> but isn't the whole point of a vpn to have not public ips? 03:42 < leno81> i mean i'd like to give each client their own uniquie ip6 address 03:43 < hyper_ch> I don't know anything about ipv6 03:43 < leno81> it is confusing 03:43 < virtuaposta> hi all, facing some issues with openvpn+openldap setup 03:44 < virtuaposta> PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so 03:44 < virtuaposta> anyone? 03:44 < hyper_ch> !welcome 03:44 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 03:44 < leno81> maybe i should just use tap 03:44 < hyper_ch> !tunortap 03:44 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. 
or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you over 03:44 <@vpnHelper> the vpn or (#4) lan gaming? use tap! 03:48 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 03:49 <@dazo> virtuaposta: check the log files for the openvpn-auth-ldap plug-in ... most likely it was a) not able to connect to the LDAP server, b) could not query the LDAP server (wrong bind address?), c) username and/or password was wrong 03:49 < hyper_ch> hi dazo 03:49 <@dazo> leno81: what do you want to do? just IPv6 or IPv6 through a VPN tunnel? 03:49 <@dazo> hyper_ch: hey! 03:50 < hyper_ch> dazo: what news do you bring? 03:50 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 03:50 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 03:50 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 03:50 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 03:50 <@dazo> hyper_ch: that the world seems to start yet another day, with the same usual world problems as ever? ;-) 03:51 < hyper_ch> dazo: like more senators dropping SOPA support? 03:51 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 03:51 <@dazo> dazo: nah, they're not dropping it after all ... just postponing it for February 03:51 < hyper_ch> dazo: why do you highlight yourself? 03:52 * dazo don't do that ... 03:52 <@dazo> ahh 03:52 <@dazo> duh! 03:52 <@dazo> too early! 03:52 < hyper_ch> hehehe :) 03:52 * dazo is still waking up :) 03:52 < leno81> im not sure why all these websites are blacking out, obama said he wont sign it 03:52 < hyper_ch> isn't it time for internet2 to pop up before internet1 gets regulated beyond recognition? 03:54 <@dazo> leno81: well, SOPA is one thing, PIPA is something very similar ... 
and this is to give some strong signals that the those lobbying (and paying) for such regulations will not get it easy 03:55 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN 03:56 <@dazo> leno81: this is just as much a fight about Intellectual Property (IP) as well ... which is really making innovation difficult, as with IP comes patents .... and with patents, it's a short leap to software patents 03:56 <@dazo> . 03:56 < hyper_ch> I don't believe in Imaginary Property 03:57 <@dazo> It looks less dangerously if you just see SOPA/PIPA in a limited perspective (which the pro-SOPA advocates very well for) ... but it opens up for so much other troubles, which not just can but will be abused in the future 04:01 -!- Intensity [50OWyeK641@unaffiliated/intensity] has joined #openvpn 04:12 -!- p3rror [~mezgani@41.205.221.206] has joined #openvpn 04:22 -!- master_of_master [~master_of@p57B55B13.dip.t-dialin.net] has quit [Ping timeout: 248 seconds] 04:24 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro] 04:24 -!- master_of_master [~master_of@p57B52D8D.dip.t-dialin.net] has joined #openvpn 04:25 < leno81> anyone have any idea how to get the openvpn server to dole out ipv6 addresses to clients? 04:28 -!- sebyrock [~lazz.salv@2-228-122-114.ip191.fastwebnet.it] has joined #openvpn 04:28 < sebyrock> hi all 04:30 < sebyrock> is possible syncronize more people into VPN? 04:32 < virtuaposta> hi dazo yes the password was encrypted and thus not accepting, made entry in plane text and it at least access ldap but now I am under this error : TLS Error: TLS handshake failed any guidance over this? 04:32 <@dazo> leno81: did you read !ipv6? 
04:33 <@dazo> !ipv6 04:33 <@vpnHelper> "ipv6" is (#1) http://www.greenie.net/ipv6/openvpn.html for ipv6 payload patch (adds some nice ipv6 options) or (#2) see !snapshots for a release with ipv6 patches in it, report how it works to help it get included in a stable release 04:33 -!- ScriptFan [~bofh@LLagny-156-34-26-176.w80-14.abo.wanadoo.fr] has joined #openvpn 04:33 <@dazo> leno81: and you must use a openvpn snapshot release ... openvpn v2.2 or earlier does not support ipv6 in this regard 04:34 <@dazo> virtuaposta: you need to share complete logs 04:34 <@dazo> !logs 04:34 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 04:34 <@dazo> !pastebin 04:34 <@vpnHelper> Miscellany || Someone || OS X keychain patch 04:34 <@dazo> ?? 04:35 <@dazo> !factoids search pastebin 04:35 <@vpnHelper> "pastebin" is please paste anything with more than 5 lines into pastebin or a similar website 04:35 < virtuaposta> pastebinin dazo give me few moments pleas 04:35 < virtuaposta> *please 04:36 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 04:36 -!- Intensity [50OWyeK641@unaffiliated/intensity] has quit [Ping timeout: 255 seconds] 04:40 -!- suraj_ [~suraj@117.195.45.240] has joined #openvpn 04:40 -!- leno81 [~leno81@208.111.39.186] has quit [Read error: Connection reset by peer] 04:40 -!- suraj_ [~suraj@117.195.45.240] has quit [Client Quit] 04:40 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 04:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 04:42 -!- virtuaposta [~suraj@117.195.33.156] has quit [Ping timeout: 245 seconds] 04:43 -!- virtuaposta [~suraj@117.195.45.240] has joined #openvpn 04:43 < virtuaposta> dazo, here are the logs : http://pastebin.com/PxJHVstt 04:44 <@dazo> virtuaposta: that's not a complete log ... 
and verb is not high enough 04:46 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Quit: Anche il discorsismo ha un limitismo.] 04:47 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 04:47 < virtuaposta> dazo, I collected logs from last connection attempt, let me increase the verbosity and provide you with more detailed logs 04:52 -!- aaaaaaaaaaaaaasd [~leno81@124.78.163.178] has joined #openvpn 04:52 -!- aaaaaaaaaaaaaasd is now known as danniel 04:53 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 04:53 -!- mode/#openvpn [+v s7r] by ChanServ 04:53 -!- leno81 [~leno81@208.111.39.186] has quit [Ping timeout: 276 seconds] 04:54 < virtuaposta> dazo, current logs for last attempt : http://pastebin.com/aD9ZBV4B let me know in case need to collect more 04:55 <@dazo> still not a *complete* log file 04:55 <@dazo> from the top of where OpenVPN starts 04:56 <@dazo> and still doesn't look like verb 4 04:56 <@dazo> or verb 5 04:56 < virtuaposta> dazo, its verb 4 i am using and logs are from the point where openvpn restarted :( 04:56 <@dazo> anyhow 04:56 <@dazo> O' 04:57 <@dazo> I'm missing the line where it says version information, and a dump of the parsed config file ... so this is not complete 04:57 < virtuaposta> let me give you complete vpn.log but it may include non-essential stuffs as well 04:57 <@dazo> Thu Jan 19 16:18:35 2012 us=976782 123.234.345.456:35791 PLUGIN_CALL: plugin function PLUGIN_AUTH_USER_PASS_VERIFY failed with status 1: /usr/lib/openvpn/openvpn-auth-ldap.so 04:57 <@dazo> Thu Jan 19 16:18:35 2012 us=976818 123.234.345.456:35791 TLS Auth Error: Auth Username/Password verification failed for peer 04:57 <@dazo> let me determine what's non-essential 04:57 <@dazo> but from what I see ... 
still LDAP issues here 04:59 < danniel> i just want to use openvpn as an ipv6 tunnel broker 04:59 < danniel> with ip4 as carrier 05:00 < danniel> my isp that my client laptop uses doesnt support ip6 but my vps isp does 05:01 <@dazo> !ipv6 05:01 <@vpnHelper> "ipv6" is (#1) http://www.greenie.net/ipv6/openvpn.html for ipv6 payload patch (adds some nice ipv6 options) or (#2) see !snapshots for a release with ipv6 patches in it, report how it works to help it get included in a stable release 05:01 <@dazo> !snapshot 05:01 <@dazo> danniel: ^^^ 05:02 < virtuaposta> dazo, http://pastebin.com/66zgGn1P 05:03 <@dazo> virtuaposta: look at line 301-305 .... that's LDAP troubles ... you need to sort out that ... and that's not an OpenVPN issue 05:06 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 05:07 -!- Intensity [bgdh4rG9xt@unaffiliated/intensity] has joined #openvpn 05:08 -!- virtuaposta [~suraj@117.195.45.240] has quit [Ping timeout: 240 seconds] 05:11 <@vpnHelper> RSS Update - forum: Computer Repair... 05:18 -!- danniel [~leno81@124.78.163.178] has quit [Read error: No route to host] 05:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 05:19 < epsilon> !ccd 05:19 <@vpnHelper> "ccd" is entries that are basically included into server.conf, but only for the specified client based on common-name. use --client-config-dir to enable it, then put the config options for the client in /common-name 05:20 < epsilon> how do I actually assign a client to a specific ccd? 05:21 -!- virtuaposta [~suraj@117.195.35.13] has joined #openvpn 05:23 < virtuaposta> ... 05:24 <+EugeneKay> epsilon - read the man page entry for --client-config-dir ;-) 05:25 -!- Deathvalley122 [~Death@localtel.eagleits.net] has quit [Excess Flood] 05:25 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 05:26 -!- Deathvalley122 [~Death@localtel.eagleits.net] has joined #openvpn 05:27 < epsilon> god, via filename... 
strange idea 05:29 <+EugeneKay> What would you suggest? Via magic? 05:29 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008 05:29 < epsilon> a line like "commonname XYZ" in file 05:30 <+EugeneKay> So what would you name the files, then? 05:32 < epsilon> anything? My first thought was openvpn is parsing the config at startup, or on connect and applies the client-config... never mind 05:35 <+EugeneKay> It reads them at connect time. 05:43 -!- virtuaposta [~suraj@117.195.35.13] has quit [Ping timeout: 252 seconds] 06:04 < defsdoor> epsilon, makes more sense also if you see what ccd-exclusive does 06:05 < defsdoor> quickest and simplest solution is to use the filesystem as a database - means external scripts etc.. can update the ccd settings without needing to reload a config 06:22 -!- Mowee [~Mowi@lendabrain.net] has quit [Quit: I don't discriminate, I hate everyone.] 06:25 -!- Mowee [~Mowi@lendabrain.net] has joined #openvpn 06:32 -!- caemir [~caemir@unaffiliated/caemir] has quit [Ping timeout: 240 seconds] 06:33 -!- CatKiller [~be@91.123.228.52] has joined #openvpn 06:33 < CatKiller> Hi there! 06:35 < CatKiller> I have a quick question about OpenVPN on Linux (Ubuntu 10.04): I am trying to restrict network access to specific users by using the "ccd" directory and following the official howto (chapter: "Configuring client-specific rules and access policies"). Everything seems fine, except that when the client connects, the "ccd" configuration does not seem to be used. 06:35 < CatKiller> There is one thing I think could be the issue: The "CN" of this client certificate has a space in it "FirstName LastName" 06:36 < CatKiller> I have the corresponding ccd file as /etc/openvpn/ccd/FirstName LastName 06:36 <+EugeneKay> OpenVPN normalizes CNs to use underscore(_) for invalid characters 06:36 < CatKiller> Is there something I'm missing? 
06:36 < CatKiller> Hi Eugene, 06:37 <+EugeneKay> Try using ccd/First_Name 06:37 < CatKiller> Ok, so should I change the ccd file name to FirstName_LastName? 06:37 <+EugeneKay> Er, ccd/First_Last 06:37 <+EugeneKay> Correct. 06:37 < CatKiller> thanks! 06:37 <+EugeneKay> I *think* it uses the same normalization when looking for CNs as it does for scripts(see --no-name-remapping) 06:37 < CatKiller> Outstanding 06:37 < CatKiller> All ok now 06:38 < CatKiller> thanks a million 06:38 <+EugeneKay> Sure. 06:38 <+EugeneKay> I recommend sticking to [a-zA-Z0-9.] for CNs 06:38 < CatKiller> Moment of truth now (testing filtering). 06:38 < CatKiller> Yep. it was my first attempt, I wasn't too sure. 06:38 < CatKiller> I'll do that from now on 06:38 <+EugeneKay> I think @ is also valid 06:39 < CatKiller> (Just don't feel like reissuing the certificate on this one) 06:39 <+EugeneKay> You can use alternative subject names for stuff like First Last name 06:39 <+EugeneKay> I'm not a fan of using @ in CNs because they're a special character in most shells 06:39 <+EugeneKay> At least, stuff like rsync :-p 06:39 < CatKiller> Yes I think I'll just stick with a short all lowercase name 06:40 < CatKiller> I just "modeled" it on various CNs I had seen on web certificates 06:40 <+EugeneKay> A decent model, usually. 06:40 < CatKiller> True 06:40 < CatKiller> filtering works as well. Tis great. One question though: 06:40 < CatKiller> I am a bit wary of filtering with a source IP 06:40 < CatKiller> Is it safe? I mean is there no way to spoof your source tunnel IP address in OpenVPN? 06:41 < CatKiller> the 10.8.0.0/24 source IP is allowed to access the entire network 06:41 < CatKiller> while the contractor in question has a 10.8.10.0/24 IP 06:42 < CatKiller> and a filter is in place when the source is not 10.8.0.0/24 06:42 <+EugeneKay> I'm not 100% on the underlying code, but I believe ccd-on-CN+iptables is "secure enough" for filtering. 
AFAIK, the server won't accept any client-spoofed IPs, just the one it pushes(if you're configured to push the ifconfig stuff) 06:42 < CatKiller> It's configured to push it 06:42 < CatKiller> great, that's pretty much what I wanted to know 06:42 <+EugeneKay> A more reliable way to do it is to use different OpenVPN instances 06:42 < CatKiller> so long as there is some mechanism to do it 06:42 < CatKiller> Very true 06:43 < CatKiller> However I may be having up to 10 different access types 06:43 <+EugeneKay> With static tun devices you can filter the whole block+adapter 06:43 < CatKiller> Then you're pretty sure that's true 06:43 < CatKiller> but if the IP is not easily spoofable 06:43 < CatKiller> that's secure enough (for what I am using it for) 06:43 <+EugeneKay> Not enough to put money/a contract on it, but secure enough. 06:44 <+EugeneKay> Use the mailing list / find somebody who does the internals 06:44 < CatKiller> at the end of the day, we trust this contractor enough, it's simply to avoid "easy" hacks or inadvertent access to the contractor 06:44 < CatKiller> Thanks a lot 06:44 < CatKiller> will do 06:44 < CatKiller> Although after what you told me, since there is at least one mechanism to stop it it means to me that some precautions were taken 06:44 <+EugeneKay> "Defense in depth" 06:45 < CatKiller> The contractor is not going to try and hack us, just want to make sure that if someone was to get a hold of his certificate he couldn't easily just grab everything 06:45 < CatKiller> I was given no time budget to do this so I'm not going to go the extra mile this time ;) 06:45 <+EugeneKay> Hehe 06:45 < CatKiller> I'll do the bare minimum 06:45 <+EugeneKay> Sounds like you're good, though. 06:45 < CatKiller> Thanks a lot for your help anyways! 06:46 < CatKiller> Not really. Learning mainly. I'm not a sysadmin really. We simply don't have one. 06:46 < CatKiller> Coding is mostly my job. 
06:48 -!- Tixos [~sg@95.140.125.31] has joined #openvpn 06:48 < Tixos> hey, can someone tell me more about this error 06:48 < Tixos> Thu Jan 19 12:02:01 2012 read UDPv4 [EHOSTUNREACH]: No route to host (code=113) 06:48 <+EugeneKay> Tixos: https://en.wikipedia.org/wiki/ICMP_Destination_Unreachable 06:48 <@vpnHelper> Title: ICMP Destination Unreachable - Wikipedia, the free encyclopedia (at en.wikipedia.org) 06:48 < Tixos> after between 10-20 of this error, i get this line and a SIGUSR for restart 06:48 -!- cpm [~Chip@pdpc/supporter/active/cpm] has joined #openvpn 06:48 -!- stevieman [~Rob@72.38.184.18] has quit [Ping timeout: 240 seconds] 06:48 < Tixos> Thu Jan 19 12:03:49 2012 [server] Inactivity timeout (--ping-restart), restarting 06:50 < Tixos> EugeneKay: im not a provider, i am getting this error and i have contacted them, just wondering if you can explain why this might happen? seems to happen around the 1hour mark 06:51 <+EugeneKay> Stateful firewalls somewhere in between, router misconfiguration, rabid weasels in your undergarments.... 06:51 < Tixos> hmm 06:51 < Tixos> not a server issue ? 06:51 <+EugeneKay> Not necessarily, but possibly. 06:51 < Tixos> anyway to debug? 06:52 < Tixos> ive been trying to debug with him, 06:52 < Tixos> i went to running client from shell because i was told it was probably 'network manager' 06:52 <+EugeneKay> Regular MTR may give some indication about where the issue is, but not really, no. 06:53 <+EugeneKay> The fact that the connection works for an hour, then resets, tells me that it's probably some sort of funky firewall mechanism implemented by your ISP, but it could as easily be space aliens eating the packets. 
06:54 <+EugeneKay> (this actually can happen: high-energy cosmic rays flip a coupla bits in a router or induce crosstalk in a copper GbE connection somewhere) 06:54 < Tixos> seems madness 06:55 < Tixos> it never used to happen 06:55 < Tixos> and he has recently changed some scripting i think 06:55 <+EugeneKay> It boggles my mind that technology works to begin with. ;-) 06:56 <+EugeneKay> Without a server log there really isn't much I can tell you past that 06:56 < Tixos> ok thanks :) 06:56 < Tixos> another question, someone here told me to use 'route' to check stats of my connection 06:57 < Tixos> im not quite sure of the expected output from it, without vpn enabled there is only eth0 interface, and with i have tun0, but should the VPN server IP be on the same line as the eth0 interface? 06:57 <@vpnHelper> RSS Update - forum: No local connection anymore when OpenVPN bridged enabled 07:03 <+s7r> ecrist: you there? 07:07 < ecrist> I am 07:07 < ecrist> just got here. 07:07 -!- cpm [~Chip@pdpc/supporter/active/cpm] has quit [Quit: cpm] 07:08 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 07:08 -!- corretico [~luis@190.211.93.11] has joined #openvpn 07:10 < ecrist> s7r: what's up? 07:12 <+s7r> hy. i wanted to ask you something. I have a vps with 2 public IP addr . can I config openvpn to listen on one, and assign the other one to client? 
i only need 1 concurrent client at a time 07:13 < ecrist> not directly, no 07:13 <+EugeneKay> !nat 07:13 <@vpnHelper> "nat" is (#1) http://openvpn.net/howto.html#redirect for an explanation of NAT as it applies to openvpn or (#2) http://www.secure-computing.net/wiki/index.php/OpenVPN/FAQ#Traffic_forwarding_doesn.27t_work_when_using_client_specific_access_rules or (#3) dont forget to turn on ip forwarding or (#4) please choose between !linnat !winnat and !fbsdnat for specific howto 07:13 < ecrist> you'll run into issues handing out IPs on the same subnet as your server IP 07:14 <+s7r> i had from my ISP 07:14 <+EugeneKay> You'll need to use SNAT, though you can just do vanilla MASQUERADEing. 07:14 <+s7r> a server with /29 07:14 <+EugeneKay> (and use just the one IP) 07:14 <+s7r> and it could assign me public IP directly 07:15 <+EugeneKay> If you have a netblock routed TO your server, you can hand that block out via OpenVPN, or any other mechanism. But on-link subnets you can't do that, because the upstream router doesn't know how to do it. 07:16 <+EugeneKay> You can try stupid things like proxy-arp, but they're stupid and painful. 07:16 <+s7r> ok thanks 07:16 <+s7r> i didn't know how they did it 07:17 <+s7r> i think they had upstream router configured to know how to handle the /29 block 07:17 <+EugeneKay> Likely. 07:29 * ecrist would use FreeBSD and pf with binat 07:29 < ecrist> :) 07:34 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 07:35 < kokozedman> hello again guys... 07:35 < kokozedman> anyone with some kind of cookbook traffic shaping for OpenVPN? 07:36 < kokozedman> my server is sending data to my clients at a much too fast rate, and things gets buffered (i guess) 07:36 < kokozedman> and things tend to melt down over and over again 07:38 < reiffert_> !howto 07:38 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 07:39 < reiffert_> sorry. 07:39 < reiffert_> !man 07:39 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 07:39 < reiffert_> !factoids search --values shape 07:39 <@vpnHelper> No keys matched that query. 07:39 < reiffert_> !factoids search shape 07:39 <@vpnHelper> No keys matched that query. 07:39 < reiffert_> see --shaper in the manpage. 07:42 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 07:43 < kokozedman> reiffert_: problem is, that doesn't work in server mode 07:43 < reiffert_> prove. 07:45 < kokozedman> reiffert_: or has that changed in newer versions? look here: https://forums.openvpn.net/topic7686.html 07:45 <@vpnHelper> Title: OpenVPN Support Forum --shaper and --server together : Wishlist (at forums.openvpn.net) 07:47 < kokozedman> i'm using 2.2.0 on Ubuntu server 11.10 07:48 < reiffert_> dazo: any comments on kokozedman? 07:48 * dazo looks 07:49 <@dazo> kokozedman: that's basically not a openvpn problem. OpenVPN is like a virtual network cable, and you can't traffic shape that cable directly ... you need to do that via 'tc' (in Linux) or similar OS dependent tools 07:50 < reiffert_> so what is the --shaper option used for then? 07:50 < kokozedman> dazo: yes, i have been reading about that a lot lately... but i'm not sure how to cope with tc... at least, none worked for me so far 07:50 < kokozedman> so, i'm currently been looking if there is a kind of generic ways 07:51 <@dazo> reiffert_: it was an attempt, but it's only partly useful traffic being sent out, on the side it is configured .... 
I imagine that shaper crap will be taken out of openvpn at some point, as it's not really delivering what people expect these days 07:51 <@dazo> kokozedman: 07:51 <@dazo> kokozedman: tc is the generic way 07:51 < kokozedman> because i'm thinking i'm not the only person who has come across this problem, and i thought may be, there is already a kind of template for tc, specially meant for folks of the OpenVPN 07:52 < reiffert_> what about tc on windows and bsd? 07:52 <@dazo> reiffert_: then you need to use whatever tools those platforms supports 07:52 < kokozedman> dazo: yes, i agree... but just thought someone already thought about creating a kind of cookbook page on tc, FOR OpenVPN 07:53 < kokozedman> reiffert_: windows has a bunch of traffic limiting softwares 07:54 <@dazo> kokozedman: I'm not that active in this channel, so I can't say anything to how often this pops up here ... but it comes from time to time, and none which I know of have published any how-tos, blogs or wikis for that 07:54 < kokozedman> i see 07:55 <@dazo> kokozedman: having that said, if you want your 15 min of fame, please dig deep on this topic and you can publish such an article (the community wiki is an alternative if you don't have your own) ... and you'll do us all a great favour :) 07:56 < kokozedman> :) 07:59 <@vpnHelper> RSS Update - forum: Give users access to different individual private networks 08:01 -!- zokko [bbajorek@unaffiliated/zokko] has joined #openvpn 08:01 < zokko> hi guys 08:05 < zokko> anyone can help with routing? 08:05 < zokko> i have 10.8.0.0 subnet on tun0 and 192.168.2.0/24 on eth0 08:06 < zokko> i need client from 10.8.* to reach 192.168.2.* 08:06 < zokko> how can i achieve it? 08:09 < rob0> as long as each side knows how to reach the other, and the openvpn server is doing packet forwarding, it works. 
08:09 < rob0> !route 08:09 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 08:20 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 08:21 < zokko> rob0: i can ping only one ip on 192.168.2.0/24 08:21 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Client Quit] 08:29 -!- noisebleed_ [~quassel@lula.inescn.pt] has joined #openvpn 08:29 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 248 seconds] 08:31 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 08:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 08:38 < zokko> i made it 08:38 < zokko> rob0: thank for that doc 08:38 < zokko> s/thank/thanks 08:39 < rob0> great, congrats 08:39 -!- p3rror [~mezgani@41.205.221.206] has quit [Ping timeout: 260 seconds] 08:45 -!- dazo is now known as dazo_afk 08:47 <@vpnHelper> RSS Update - forum: What Linux Distro Has OpenVPN Installed? || Slow CentoOS openvpn client connection to server || Internet Speed with and without OpenVPN 08:49 -!- dazo_afk is now known as dazo 08:50 < kokozedman> i'm using the ipp.txt file (which is described in the howto) ... but the strange thing is that IP addresses the Openvpn puts in that file does not reflect the reality 08:50 < kokozedman> for example, for my common name, i see 10.8.0.4 ... but in reality, my address is actually 10.8.0.6 08:50 < kokozedman> why is that? 
08:51 <@dazo> kokozedman: probably it tells about the /30 net it has assigned 08:51 <@dazo> !/30 08:51 <@vpnHelper> "/30" is (#1) http://openvpn.net/index.php/open-source/faq/77-server/273-qifconfig-poolq-option-use-a-30-subnet-4-private-ip-addresses-per-client-when-used-in-tun-mode.html (sorry for the long link, they wont fix the anchors) explains why routed clients each use 4 ips or (#2) you can avoid this behavior by reading !topology or (#3) so by default, first client is .6, then .10 .14 .18 etc etc or (#4) use 08:51 <@vpnHelper> openvpn --show-valid-subnets to see the subnets you can use in net30 08:52 -!- Axeman [~Axeman3@198.105.46.46] has joined #openvpn 08:52 -!- Axeman [~Axeman3@198.105.46.46] has quit [Changing host] 08:52 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 08:52 -!- mode/#openvpn [+v Axeman] by ChanServ 08:52 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 08:53 < kokozedman> dazo: i see, thanks for the heads-up 08:53 <@vpnHelper> RSS Update - forum: I connect but I see the network 08:53 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn [] 08:59 <@vpnHelper> RSS Update - forum: Error using tun4 09:02 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 258 seconds] 09:07 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 09:11 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:16 -!- Harley [~Harley@110.184.82.154] has joined #openvpn 09:18 -!- Harley [~Harley@110.184.82.154] has quit [Remote host closed the connection] 09:18 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 09:25 -!- dimir [~dimir@dimir.eu] has quit [Read error: No route to host] 09:35 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 260 seconds] 09:41 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 09:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 09:42 -!- ph1l 
[~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 09:48 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 09:52 <@vpnHelper> RSS Update - forum: Can OpenVPN be installed on Linux? || [Help] Secure or Not? 09:53 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 252 seconds] 09:55 -!- _julian [~quassel@hmbg-5f7609cf.pool.mediaWays.net] has quit [Ping timeout: 244 seconds] 09:58 <@vpnHelper> RSS Update - forum: Can OpenVPN be installed on Linux? 09:59 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:11 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 10:17 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has quit [Ping timeout: 248 seconds] 10:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:20 -!- Harley [~Harley@182.149.75.32] has joined #openvpn 10:21 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 10:22 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:24 -!- crissi- [crissi@wohnt.auf.Deep-Space-Nine.eu] has joined #openvpn 10:24 < crissi-> hello 10:24 -!- diemaco [~doom@2001:470:1d:5d8:4c8e:9396:7d4a:cdc3] has joined #openvpn 10:25 -!- Harley [~Harley@182.149.75.32] has quit [Ping timeout: 276 seconds] 10:25 < leno81> hello 10:25 < crissi-> i have a problem running openvpn in bridging mode (udp, no encryption)... its slow (~ 200/s). 10:25 < crissi-> where to search for the problem? 10:26 < crissi-> the client is a small router (wrt54gl) but cpu is only about 19% 10:28 <+EugeneKay> "in bridging mode" <---- there's your problem ;-) 10:28 < crissi-> huh? 10:28 < crissi-> why that should be a problem? 10:28 <+EugeneKay> Because bridging mode is crap. 10:29 < crissi-> its only to connect some networks together.. should not a problem with speed 10:29 <+EugeneKay> You might only be eating 19% cpu, but you're inserting connection-lag between layer 2 and layer 3. 
Normally the lag on that portion is the time it takes for the packet to make it from your NIC's copper port to the CPU ;-) 10:29 < crissi-> hm 10:30 <+EugeneKay> If you're running openvpn on the routers of both networks anyway, use routing. Really. 10:30 <+EugeneKay> !tunortap 10:30 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you 10:30 <@vpnHelper> over the vpn or (#4) lan gaming? use tap! 10:30 < crissi-> i use tap 10:31 <+EugeneKay> Bad juju ;-) 10:33 < crissi-> tun is better in speed case? 10:33 < crissi-> i need bridging because arp and so on 10:33 < crissi-> dhcp, eg 10:34 < pwrcycle> crissi-: no, use tun like he says. 10:35 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Read error: Operation timed out] 10:38 -!- danniel [~leno81@124.78.163.178] has joined #openvpn 10:38 < danniel> . 10:38 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 10:39 -!- leno81 [~leno81@208.111.39.186] has quit [Ping timeout: 245 seconds] 10:40 -!- sebyrock [~lazz.salv@2-228-122-114.ip191.fastwebnet.it] has quit [Quit: etciù] 10:42 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 10:42 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 10:58 < danniel> 2.2.0-3.el6.rf is latest stable? 
10:59 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has joined #openvpn 11:04 -!- beerbro [~gustav@unaffiliated/beerbroy] has quit [Excess Flood] 11:06 -!- beerbro [~gustav@109.75.189.98] has joined #openvpn 11:08 < hyper_ch> good evening 11:09 -!- danniel [~leno81@124.78.163.178] has quit [] 11:09 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 11:09 < leno81> evening 11:10 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 252 seconds] 11:11 -!- beerbro [~gustav@109.75.189.98] has quit [Changing host] 11:11 -!- beerbro [~gustav@unaffiliated/beerbroy] has joined #openvpn 11:14 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets 11:19 < leno81> i dont quite understand what the latest stable version is 11:19 < leno81> what is version 2.3-2 11:19 < leno81> from repos.openvpn.net-CentOS6-snapshots 11:20 < leno81> but on the main website it says stable version is 2.2.2 11:21 -!- danniel [~leno81@208.111.39.186] has joined #openvpn 11:21 -!- leno81 [~leno81@208.111.39.186] has quit [Read error: Connection reset by peer] 11:22 -!- danniel [~leno81@208.111.39.186] has quit [Client Quit] 11:22 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 11:22 -!- Tixos [~sg@95.140.125.31] has quit [Quit: Leaving.] 
11:23 -!- noisebleed [~quassel@lula.inescn.pt] has joined #openvpn 11:23 -!- noisebleed [~quassel@lula.inescn.pt] has quit [Changing host] 11:23 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 11:24 -!- noisebleed_ [~quassel@lula.inescn.pt] has quit [Ping timeout: 252 seconds] 11:26 <@vpnHelper> RSS Update - forum: I connect but I see the network 11:28 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has joined #openvpn 11:29 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 11:30 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 11:30 < leno81> !snapshot 11:30 < leno81> !snapshots 11:30 <@vpnHelper> "snapshots" is (#1) weekly dev snapshots are available from ftp://ftp.secure-computing.net/pub/openvpn or (#2) by helping test these features, and reporting back on either of the mailing lists, you can help these features become part of the stable branch 11:35 -!- caemir [~caemir@unaffiliated/caemir] has joined #openvpn 11:35 -!- windwhinny [~wircer@113.94.223.70] has joined #openvpn 11:35 -!- windwhinny [~wircer@113.94.223.70] has left #openvpn [] 11:46 -!- Diffen [~diffen@c-e728e555.09-107-73746f10.cust.bredbandsbolaget.se] has joined #openvpn 11:53 -!- wedge_ [lordsilenc@bigfoot.xh.se] has quit [Ping timeout: 260 seconds] 11:53 -!- wedge [lordsilenc@bigfoot.xh.se] has joined #openvpn 11:56 <@vpnHelper> RSS Update - forum: Internet Speed with and without OpenVPN 12:05 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 12:21 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn 12:24 -!- Diffen [~diffen@c-e728e555.09-107-73746f10.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 12:28 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 12:32 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Remote host closed the connection] 12:37 <@vpnHelper> RSS Update - forum: Routed 
OpenVPN between two subnets 12:39 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn 12:57 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 13:01 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has joined #openvpn 13:01 -!- mape2k [~mape2k@2001:6f8:133b:0:21f:3bff:fe27:21a9] has quit [Client Quit] 13:06 -!- leno81 [~leno81@208.111.39.186] has quit [Ping timeout: 240 seconds] 13:08 -!- mape2k [~mape2k@f053198046.adsl.alicedsl.de] has joined #openvpn 13:20 -!- dazo is now known as dazo_afk 13:21 < astrostl> i have three hosts: 10.0.1.12 - 14, all of which have the same routes and are behind the same openvpn server (.6). i can reach 12 and 14, but not 13. it isn't a firewall issue. any tips for troubleshooting/ 13:21 < astrostl> ? 13:22 <@vpnHelper> RSS Update - forum: Simple connection does not work 13:23 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 240 seconds] 13:25 -!- [zs] [~zs@204.152.201.79] has joined #openvpn 13:27 -!- [zs] [~zs@204.152.201.79] has left #openvpn ["PING 1327001227"] 13:39 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 13:52 -!- mape2k [~mape2k@f053198046.adsl.alicedsl.de] has quit [Quit: Leaving] 14:02 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has quit [Quit: Verlassend] 14:14 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit [] 14:21 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn 14:25 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 14:25 -!- Araluccl0 [~lallo@151.77.69.93] has joined #openvpn 14:26 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Read error: Connection reset by peer] 14:30 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn 14:30 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host] 14:30 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 14:31 -!- Araluccl0 [~lallo@151.77.69.93] has quit [Ping 
timeout: 252 seconds] 14:31 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 14:32 -!- Araluccl1 [~lallo@151.77.69.93] has joined #openvpn 14:33 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn 14:36 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds] 14:39 -!- lbalbalba [lbalbalba@dhcp-077-251-003-044.chello.nl] has joined #openvpn 14:40 < lbalbalba> !welcome\ 14:40 < lbalbalba> !welcome 14:40 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 14:41 -!- Araluccl0 [~lallo@151.77.196.13] has joined #openvpn 14:44 -!- Araluccl1 [~lallo@151.77.69.93] has quit [Ping timeout: 252 seconds] 14:56 < lbalbalba> hi 14:56 < lbalbalba> I have been playing around with the clang static analyzer (http://clang-analyzer.llvm.org/) 14:57 <@vpnHelper> Title: Clang Static Analyzer (at clang-analyzer.llvm.org) 14:57 < lbalbalba> Running it on openvpn, I got these results, people may want to look at ? : 14:57 < lbalbalba> http://lbalbalba.x90x.net/ccc-analyzer/clang%20v3.1%20trunk%20rev.%20148484/scan-build-openvpn-2.2.2/ 14:57 <@vpnHelper> Title: openvpn-2.2.2 - scan-build results (at lbalbalba.x90x.net) 14:58 < lbalbalba> if the analysis is correct, there are a few dereferences of null pointers 15:04 <+EugeneKay> Patches welcome. 15:05 < lbalbalba> as always :) need to figure out if the analysis is indeed correct, though 15:05 < krzee> may be worth mentioning in #openvpn-devel 15:05 < lbalbalba> ah. 
got it 15:09 -!- lbalbalba [lbalbalba@dhcp-077-251-003-044.chello.nl] has quit [Quit: HydraIRC -> http://www.hydrairc.com <- The professional IRC Client :D] 15:20 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 244 seconds] 15:43 -!- noisebleed_ [~quassel@kermit.inescn.pt] has joined #openvpn 15:44 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 240 seconds] 15:53 -!- p3rror [~mezgani@41.140.34.179] has joined #openvpn 16:04 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Read error: Connection reset by peer] 16:08 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat] 16:09 <@vpnHelper> RSS Update - forum: Newbee Help Please 16:16 -!- treund [~treund@97.75.177.42] has joined #openvpn 16:33 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer] 16:49 -!- treund [~treund@97.75.177.42] has left #openvpn [] 17:01 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 17:02 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has quit [Read error: Operation timed out] 17:08 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has joined #openvpn 17:13 -!- [zs] [~zs@173.234.43.202] has joined #openvpn 17:20 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 17:20 -!- mgorbachi [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Connection reset by peer] 17:22 -!- tekzilla [~jon@hmbg-5f77d3ce.pool.mediaWays.net] has quit [Ping timeout: 252 seconds] 17:24 -!- p3rror [~mezgani@41.140.34.179] has quit [Ping timeout: 240 seconds] 17:27 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:29 -!- [zs] [~zs@173.234.43.202] has quit [Quit: Quit] 17:33 -!- JohnnyLotus [~pierre@139.11.41.4] has joined #openvpn 17:47 -!- Harley [~Harley@182.149.56.190] has joined #openvpn 17:48 -!- tekzilla 
[~jon@hmbg-4d06f59f.pool.mediaWays.net] has joined #openvpn 17:50 -!- jpsil [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has joined #openvpn 17:58 <@vpnHelper> RSS Update - forum: Computer Repair... 18:02 -!- treund [~treund@97.75.177.42] has joined #openvpn 18:10 -!- JohnnyLotus [~pierre@139.11.41.4] has left #openvpn ["Konversation terminated!"] 18:11 -!- Transformer [~Transform@ool-4a59e397.dyn.optonline.net] has joined #openvpn 18:12 -!- Transformer [~Transform@ool-4a59e397.dyn.optonline.net] has left #openvpn [] 18:13 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 18:13 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 18:13 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 18:17 -!- Denial [Denial@drgi.co.uk] has quit [] 18:24 -!- Harley [~Harley@182.149.56.190] has quit [Remote host closed the connection] 18:25 -!- Harley [~Harley@182.149.56.190] has joined #openvpn 18:39 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 260 seconds] 18:40 -!- zeshoem [~zee@108.162.156.19] has quit [Ping timeout: 245 seconds] 18:49 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn 18:51 -!- zeshoem [~zee@108.162.156.19] has joined #openvpn 18:53 -!- Araluccl0 [~lallo@151.77.196.13] has quit [Ping timeout: 252 seconds] 18:53 -!- tjz [~pc@unaffiliated/tjz] has quit [Ping timeout: 248 seconds] 18:53 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 18:53 -!- noisebleed_ [~quassel@kermit.inescn.pt] has quit [Ping timeout: 245 seconds] 18:57 -!- tjz [~pc@bb116-14-174-68.singnet.com.sg] has joined #openvpn 18:57 -!- tjz [~pc@bb116-14-174-68.singnet.com.sg] has quit [Changing host] 18:57 -!- tjz [~pc@unaffiliated/tjz] has joined #openvpn 18:58 -!- Harley [~Harley@182.149.56.190] has quit [Remote host closed the connection] 18:58 -!- Araluccl0 [~lallo@151.77.196.13] has joined #openvpn 18:58 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Read error: Connection reset by peer] 19:00 -!- 
Araluccl1 [~lallo@216.231.135.109] has joined #openvpn 19:03 -!- Araluccl0 [~lallo@151.77.196.13] has quit [Ping timeout: 252 seconds] 19:26 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 252 seconds] 19:30 -!- Cr4zi3 [killaz@staff.xbins.org] has quit [Ping timeout: 244 seconds] 19:48 <+EugeneKay> !download 19:48 <@vpnHelper> "download" is (#1) http://www.openvpn.net/download to download OpenVPN or (#2) OpenVPN's Windows installer now includes OpenVPN GUI. Don't bother with http://openvpn.se anymore or (#3) Don't trust download.com at all. It provides an extremely old version with malware: http://insecure.org/news/download-com-fiasco.html 19:53 <+EugeneKay> !winshortcut 19:53 <@vpnHelper> "winshortcut" is To start OpenVPN-GUI easily on Windows, make a shortcut and set the Target as: \"C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe\" --config_dir \"C:\path\to\config\" --connect client.ovpn --show_balloon 0 --silent_connection 1 --show_script_window 0 20:01 -!- treund [~treund@97.75.177.42] has left #openvpn [] 20:06 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 20:14 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has joined #openvpn 20:20 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008 20:23 -!- Axeman [~Axeman3@knox.pace.edu] has joined #openvpn 20:23 -!- Axeman [~Axeman3@knox.pace.edu] has quit [Changing host] 20:23 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 20:23 -!- mode/#openvpn [+v Axeman] by ChanServ 20:23 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 252 seconds] 20:32 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 20:35 <+EugeneKay> !net30 20:35 <@vpnHelper> "net30" is "/30" is (#1) http://openvpn.net/index.php/documentation/faq.html#slash30 explains why routed clients each use 4 ips, or (#2) you can avoid this behavior with by reading !topology 20:35 <+EugeneKay> !topology 20:36 <@vpnHelper> "topology" is (#1) it is possible to 
avoid the !/30 behavior if you use 2.1+ with the option: topology subnet This will end up being default in later versions. or (#2) Clients will receive addresses ending in .2, .3, .4, etc, instead of being divided into 2-host subnets. or (#3) See http://osdir.com/ml/network.openvpn.devel/2005-09/msg00020.html for more history on this. 20:37 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn 20:41 -!- X0Rc0re [~chatzilla@58-7-130-107.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]] 20:55 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Read error: Connection reset by peer] 20:59 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Read error: Operation timed out] 21:08 -!- corretico [~luis@190.211.93.11] has joined #openvpn 21:36 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 21:36 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 21:36 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 21:36 -!- mode/#openvpn [+v Axeman] by ChanServ 21:42 -!- brah [~watter@host168.201-252-195.telecom.net.ar] has joined #openvpn 21:49 <@vpnHelper> RSS Update - forum: Slow CentoOS openvpn client connection to server 22:09 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Read error: Operation timed out] 22:16 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 22:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 22:44 -!- leno81 [~leno81@124.78.163.178] has joined #openvpn 22:44 -!- leno81 [~leno81@124.78.163.178] has quit [Client Quit] 22:53 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has joined #openvpn 22:57 -!- noisebleed_ [~quassel@lula.inescn.pt] has joined #openvpn 22:57 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Ping timeout: 240 seconds] 22:59 -!- SigmaProjects [~SigmaProj@cpe-66-74-191-116.socal.res.rr.com] has joined #openvpn 23:02 
-!- virtuaposta [~suraj@117.195.36.205] has joined #openvpn 23:04 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has quit [Ping timeout: 252 seconds] 23:05 -!- bigpaws [~bigpaws@c-68-37-125-150.hsd1.nj.comcast.net] has joined #openvpn 23:20 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:23 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 23:38 -!- mohi666 [~mohi@c-76-103-53-145.hsd1.ca.comcast.net] has quit [Quit: Leaving] 23:51 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 23:55 -!- havoc [~havoc@neptune.chaillet.net] has quit [Ping timeout: 252 seconds] 23:55 -!- havoc [~havoc@neptune.chaillet.net] has joined #openvpn --- Day changed Fri Jan 20 2012 00:01 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:20 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:25 < virtuaposta> hello everyone!! 00:25 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:27 < virtuaposta> I have configured openvpn+openldap using openvpn-auth-ldap, but while connecting from client, server complains that user not found. Any guidance please here are the logs : http://pastebin.com/dJtzbMJx 00:30 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 00:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 00:33 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Ping timeout: 260 seconds] 00:37 -!- Cr4zi3 [~killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn 00:54 < virtuaposta> any help in following? : I have configured openvpn+openldap using openvpn-auth-ldap, but while connecting from client, server complains that user not found. Any guidance please. 
Here are the logs : http://pastebin.com/dJtzbMJx 00:56 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:14 -!- Cr4zi3 [~killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has quit [Remote host closed the connection] 01:19 -!- Cr4zi3 [killaz@crazie2-1-pt.tunnel.tserv12.mia1.ipv6.he.net] has joined #openvpn 01:45 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008 01:50 -!- virtuaposta [~suraj@117.195.36.205] has quit [Ping timeout: 255 seconds] 01:57 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep] 02:03 -!- zeshoem [~zee@108.162.156.19] has quit [Ping timeout: 240 seconds] 02:23 -!- noisebleed [~quassel@kermit.inescn.pt] has joined #openvpn 02:23 -!- noisebleed [~quassel@kermit.inescn.pt] has quit [Changing host] 02:23 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 02:23 -!- noisebleed_ [~quassel@lula.inescn.pt] has quit [Ping timeout: 240 seconds] 02:45 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has joined #openvpn 02:45 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has quit [Ping timeout: 260 seconds] 02:49 -!- ScriptFan [~bofh@LLagny-156-34-26-176.w80-14.abo.wanadoo.fr] has quit [Ping timeout: 260 seconds] 02:55 <@vpnHelper> RSS Update - forum: Please help me with OPENVPN || cannot ping openvpn server 02:57 -!- phrearch [~phrearch_@212-182-144-130.ip.telfort.nl] has joined #openvpn 02:57 < phrearch> hello 02:57 < phrearch> does anyone know how to allow tunneled ssh connections with iptables? 02:57 < phrearch> i would like to block all traffic except everything coming from the tunnel 02:58 < phrearch> so far i got http://paste.pocoo.org/show/537653/ 02:59 < reiffert_> iptables -I INPUT -i tun0 ! -p tcp --dport 22 -j ACCEPT 02:59 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 02:59 < reiffert_> ah well, put the ! before --dport 02:59 < phrearch> ow great! 
02:59 < phrearch> thanks, ill give that a try 02:59 < reiffert_> oh so wrong. 02:59 < reiffert_> ok here's the deal. 02:59 < phrearch> ok :) 02:59 < reiffert_> iptables -I INPUT -i lo0 -j ACCEPT 02:59 < reiffert_> iptables -I INPUT -i eth0 -j ACCEPT 03:00 < phrearch> ehm, eth0 as well? 03:01 -!- virtuaposta [~suraj@114.143.184.114] has joined #openvpn 03:01 < reiffert_> iptables -I INPUT -i tun0 -p tcp --dport 22 -j ACCEPT 03:01 < reiffert_> iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 03:01 < reiffert_> iptables -P INPUT DROP 03:01 < reiffert_> drone 03:01 < reiffert_> s,drone,done 03:02 < reiffert_> remove that eth0 line once it's working as expected 03:02 < reiffert_> dont forget to add 03:02 -!- reiffert_ was kicked from #openvpn by vpnHelper [Flooding detected. Please use http://pastebin.com for posting logs or configs.] 03:02 -!- reiffert_ [~thomas@mail.reifferscheid.org] has joined #openvpn 03:02 < phrearch> ok thanks for the help 03:02 < reiffert_> fuck you. 03:02 < reiffert_> dont forget to add 03:02 < reiffert_> iptables -I INPUT -p udp --dport 1194 -j ACCEPT 03:02 < phrearch> aha, thats for openvpn ? 03:03 < reiffert_> yeah 03:03 < phrearch> cool 03:03 -!- Azrael808 [~peter@212.161.9.162] has quit [Client Quit] 03:07 -!- Azrael808 [~peter@212.161.9.162] has joined #openvpn 03:07 < phrearch> hm 03:07 < phrearch> http://paste.pocoo.org/show/537659/ 03:07 < phrearch> somehow it still blocks ssh 03:09 < phrearch> there are two eth0 devices it seems 03:17 -!- comps [~username@gw-gsosfm.gsosfm.cz] has joined #openvpn 03:18 -!- Denial [Denial@drgi.co.uk] has joined #openvpn 03:18 < comps> hello, is there any official workaround for p2p mode on privileged ports? 
http://pastebin.com/8aGHaeQZ (debian squeeze, openvpn 2.2.2 from repos.openvpn.net) 03:19 < comps> the only easy way I can think of is CAP_NET_ADMIN 03:20 < comps> (the problem happens on client reconnect) 03:31 <@vpnHelper> RSS Update - forum: Connection works but not all traffic routing even with redir || Error using tun4 03:35 < phrearch> hm, im trying to allow pings over the vpn tunnel like: iptables -I INPUT -i tun0 -p icmp --icmp-type 0 -s 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT 03:35 < phrearch> ping doesnt seem to work though 03:37 <@vpnHelper> RSS Update - forum: one Public IP => multiple VLANs (one per department) 03:43 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep] 03:45 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 03:46 < phrearch> hm weird 03:46 < phrearch> iptables -A INPUT -i tun0 -p icmp -m limit --limit 10/second -j ACCEPT 03:46 < phrearch> this one doesnt work. but it works when i keep out the tunnel interface 03:46 < phrearch> im trying to ping the machine over the tunnel 03:47 < reiffert_> could you paste: iptables -L -v -n --line-nu 03:48 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Client Quit] 03:48 < reiffert_> and change OUTPUT and FORWARD policy to ACCEPT before doing this. 03:49 < phrearch> http://paste.pocoo.org/show/537689/ 03:49 < phrearch> ow ehm, sorry. should have done that last direction first 03:50 < phrearch> ah, think that was already the case 03:51 < reiffert_> is that a vpn client or a vpn server? 03:51 < phrearch> its a vpn client 03:51 < phrearch> im trying to ping it on the vpn address 03:51 < reiffert_> get rid of line 1,2,4,7,8 03:51 < reiffert_> and add 03:52 < reiffert_> nothing. 
03:52 < reiffert_> and repaste 03:53 < reiffert_> iptables -D INPUT 1 03:53 < reiffert_> iptables -D INPUT 1 03:53 < reiffert_> iptables -D INPUT 2 03:53 < reiffert_> check with -L -v -n --line-nu 03:53 < phrearch> http://paste.pocoo.org/show/537691/ 03:54 < reiffert_> let me check 03:54 < phrearch> ow missed that last one 03:54 < reiffert_> remove line 2,4,5 03:54 < phrearch> 2 is already commented 03:55 < reiffert_> see the line numbers in the INPUT chain? 03:55 < reiffert_> those are the numbers I'm referring too 03:55 < phrearch> ah sorry. i thought you mentioned the ip rules 03:55 < reiffert_> "Chain num" 03:55 < reiffert_> Actually it's the "Rule num" 03:56 < reiffert_> those are 03:56 < reiffert_> however 03:57 < reiffert_> repaste please 03:58 < phrearch> hm, lost ssh access again 03:58 < reiffert_> 10:57 < reiffert_> repaste please 04:02 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection] 04:03 < phrearch> http://paste.pocoo.org/show/537695/ 04:03 < phrearch> sorry, took a while 04:03 < reiffert_> great. 04:04 < reiffert_> now connect the vpn client to the vpn server 04:04 < phrearch> it is already 04:04 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 04:04 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 04:04 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:04 < reiffert_> from the server do: telnet IPOFCLIENT 22 04:04 < reiffert_> telnet VPNIPOFCLIENT 22 04:05 < phrearch> i got no access from the vpn server 04:05 < reiffert_> do you see something? 
04:05 < reiffert_> from the client paste: 04:05 < reiffert_> netstat -anp |grep ssh 04:05 < reiffert_> and: ifconfig 04:08 < reiffert_> out for a smoke, brb 04:08 < phrearch> ok thanks for the help 04:08 < reiffert_> 11:05 < reiffert_> from the client paste: 04:08 < reiffert_> 11:05 < reiffert_> netstat -anp |grep ssh 04:08 < reiffert_> 11:05 < reiffert_> and: ifconfig 04:09 < phrearch> iptables -A INPUT -p icmp -m limit --limit 10/second -j ACCEPT 04:09 < phrearch> iptables -A INPUT -p icmp -j DROP 04:10 < phrearch> this is fine by me as well. ping works then, but also from the net 04:13 < reiffert_> please. do as told. 04:13 < reiffert_> we are || that close from a working solution 04:14 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn 04:15 -!- mode/#openvpn [+v s7r] by ChanServ 04:15 <@vpnHelper> RSS Update - forum: Testing environment 04:17 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 04:17 -!- mode/#openvpn [+v Axeman] by ChanServ 04:19 -!- Diffen [~diffen@c-217-115-61-226.cust.bredband2.com] has joined #openvpn 04:22 -!- master_of_master [~master_of@p57B52D8D.dip.t-dialin.net] has quit [Ping timeout: 248 seconds] 04:24 -!- master_of_master [~master_of@p57B55AFA.dip.t-dialin.net] has joined #openvpn 04:37 -!- virtuaposta [~suraj@114.143.184.114] has quit [Quit: Leaving] 04:39 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008 04:45 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping 04:50 -!- Diffen [~diffen@c-217-115-61-226.cust.bredband2.com] has quit [Quit: This computer has gone to sleep] 04:57 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets || Simple connection does not work 04:58 < reiffert_> phrearch: ping? 05:01 < phrearch> reiffert_: pong, turns out that it didnt work as expected :/ 05:01 < reiffert_> phrearch: did you paste what I asked you yet? 05:01 < reiffert_> did you paste yet what I was asking you? 
05:03 <@vpnHelper> RSS Update - forum: I connect but I see the network || Internet Speed with and without OpenVPN 05:04 < phrearch> it shows some incoming connections on the second lan 05:05 -!- c1de0x [~c1de0x@208.111.44.254] has joined #openvpn 05:07 < phrearch> think that was it 05:11 -!- Araluccl0 [~lallo@216.231.135.109] has joined #openvpn 05:12 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Read error: Connection reset by peer] 05:26 -!- virtuaposta [~suraj@114.143.184.114] has joined #openvpn 05:27 < virtuaposta> hi all, is there any way so that we can VPN in between same LAN networks, for example road warriors utilising 192.168.1.0/24 connecting through VPN to office with network 192.168.1.0/24? 05:33 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 05:35 -!- comps [~username@gw-gsosfm.gsosfm.cz] has left #openvpn [] 05:40 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 05:46 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 06:00 -!- dazo_afk is now known as dazo 06:04 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping 06:21 -!- virtuaposta [~suraj@114.143.184.114] has quit [Quit: Leaving] 06:29 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has joined #openvpn 06:33 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 252 seconds] 06:33 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 06:34 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 06:34 -!- mode/#openvpn [+v Axeman] by ChanServ 06:40 -!- eddyst1 [~eddyst@p50854B45.dip0.t-ipconnect.de] has joined #openvpn 06:41 < eddyst1> !welcome 06:41 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. 
|| Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 06:43 < eddyst1> !goal 06:43 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc 06:44 -!- Axeman [~Axeman3@openvpn/user/axeman] has quit [Ping timeout: 248 seconds] 06:49 < eddyst1> !paste 06:49 <@vpnHelper> "paste" is "pastebin" is (#1) please paste anything with more than 5 lines into pastebin or a similar website, or (#2) ie: www.pastebin.ca 06:52 <@vpnHelper> RSS Update - forum: Please help me with OPENVPN 06:56 -!- danielwa [~user@e177136225.adsl.alicedsl.de] has joined #openvpn 07:00 < eddyst1> ?logs 07:01 < eddyst1> !logs 07:01 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 07:04 <@vpnHelper> RSS Update - forum: cannot ping openvpn server 07:08 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 07:10 -!- danielwa [~user@e177136225.adsl.alicedsl.de] has quit [Remote host closed the connection] 07:10 <@vpnHelper> RSS Update - forum: Theoretical setup || cannot ping openvpn server 07:13 < eddyst1> !configs 07:13 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) dont forget to include any ccd entries 07:15 < eddyst1> !howto for beginners 07:15 < eddyst1> !howto 07:15 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! 
or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 07:15 < eddyst1> !route 07:15 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 07:22 < reiffert_> phrearch: does it work now? 07:23 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 07:29 < phrearch> reiffert_: yea kinda. thanks for the help 07:40 <@vpnHelper> RSS Update - forum: Can't connect - Having a hard time with this 07:43 < eddyst1> !mitm 07:43 <@vpnHelper> "mitm" is (#1) http://openvpn.net/index.php/documentation/howto.html#mitm to know about stopping Man-in-the-Middle attacks by signing the server cert specially or (#2) use !servercert to generate the server cert manually or use the easy-rsa build-key-server script to build your server certificates or (#3) then use: ns-cert-type server in the client config 07:44 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 07:44 -!- mode/#openvpn [+v Axeman] by ChanServ 07:49 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn [] 07:52 <@vpnHelper> RSS Update - forum: How to get exitcode from cmd line windows 08:04 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets 08:07 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 08:10 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 08:12 -!- axelm7 [axelm7@186.135.15.217] has joined #openvpn 08:12 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Client Quit] 08:13 < eddyst1> I would like to access the lan behind the server with bridging. The connection establishes and I can ping the server. Tracert 192.168.54.1 try’s to go over 192.168.54.1 which is the default gateway on the client’s side. My prefered language is german. 
Client: Win 7 Server ubuntu 10.10 virtual Tracert 192.168.54.1: http://pastebin.ca/2104486 Route print: http://de.pastebin.ca/2104488 Ipconfig /all: http://de.pastebin 08:13 < axelm7> hi guys, got a dd-wrt router running openvpn 2.2.1 and the openvpn process is dying for some reason. here's the log: http://fpaste.org/XGWZ/ . check out line 276 08:13 < axelm7> in fact I have 100 of these routers in production and most of them have the same problem 08:14 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has joined #openvpn 08:18 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 08:34 <@vpnHelper> RSS Update - forum: Asking for a second password 08:41 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 08:42 -!- Rolybrau [~Rolybrau@116-197.77-83.cust.bluewin.ch] has joined #openvpn 08:42 -!- Rolybrau [~Rolybrau@116-197.77-83.cust.bluewin.ch] has quit [Changing host] 08:42 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 08:47 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:52 -!- brah [~watter@host168.201-252-195.telecom.net.ar] has quit [Ping timeout: 240 seconds] 08:55 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 08:57 < axelm7> eddyst1, do you really need bridge mode instead of routing? 08:57 <@vpnHelper> RSS Update - forum: OpenVPN client for the iPhone and iPad 09:02 -!- Gravitro_ [~admin@69.163.40.45] has joined #openvpn 09:05 < eddyst1> I would prefer it. Also if it is a little more traffic it is easier to work with the fileshares (I think so - but I'm new to configuring my own OpenVPN). 09:05 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 09:07 -!- KaiForce [~chatzilla@adsl-70-228-66-236.dsl.akrnoh.ameritech.net] has joined #openvpn 09:09 < axelm7> eddyst1, isn't windows file sharing just a matter of forwarding some ports? netbios, rpc, and some other windows port? 
09:10 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 258 seconds] 09:11 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 09:13 < eddyst1> axelm7: What's the problem with bridging? If I read the Advantages <> disadvantages section of the FAQ it seems fine to me. 09:14 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 09:15 < kokozedman> hey guys... i'm having a strange, probably MTU related problem here, yet i'm on a TCP-based setup... does that happen? 09:15 < kokozedman> when i download, everything works fine 09:15 < kokozedman> but as soon as i try to upload something, it breaks 09:19 -!- dioz [~dioz@2001:470:d:e3::1] has quit [Ping timeout: 252 seconds] 09:20 -!- dioz [~dioz@2001:470:d:e3::1] has joined #openvpn 09:22 -!- boianmiahilov [~Adium@83.97.64.97] has joined #openvpn 09:22 < boianmiahilov> hi everyone 09:22 < ecrist> kokozedman: 09:22 < ecrist> !tcp 09:22 < boianmiahilov> i have one question 09:22 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay 09:22 < ecrist> also 09:22 < ecrist> !mtu 09:22 -!- dioz [~dioz@2001:470:d:e3::1] has quit [Client Quit] 09:22 <@vpnHelper> "mtu" is (#1) see --mtu-test to learn how to test your MTU settings. 
Basically you just use --mtu-test in your normal client config or (#2) mtu debugging guide: http://www.secure-computing.net/wiki/index.php/OpenVPN/Troubleshooting 09:22 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 258 seconds] 09:23 < boianmiahilov> is it possible to have a VPN connection to server A and make the traffic for its public ip address pass through the VPN 09:26 < ecrist> if the routing is set up to support it 09:26 -!- dioz [~dioz@2001:470:d:e3::1] has joined #openvpn 09:33 < dioz> asdf 09:34 < ecrist> ghjkl 09:39 < boianmiahilov> ecrist: any ideas how to set it that ? 09:40 < ecrist> boianmiahilov: generally, it's going to be out of the scope of ability for most users 09:40 < ecrist> it involves core routing changes at the ISP level 09:42 < boianmiahilov> i understand networking very well but still i can't see that happen without looping it 09:44 < boianmiahilov> and if it involves ISP level changes it means it's not going through the vpn 09:45 -!- eddyst1 [~eddyst@p50854B45.dip0.t-ipconnect.de] has left #openvpn [] 09:57 -!- boianmiahilov1 [~Adium@83.97.64.99] has joined #openvpn 09:58 -!- boianmiahilov [~Adium@83.97.64.97] has quit [Ping timeout: 255 seconds] 10:01 -!- wat [~watter@host203.190-30-138.telecom.net.ar] has joined #openvpn 10:01 -!- boianmiahilov1 [~Adium@83.97.64.99] has quit [Client Quit] 10:05 -!- bauruine [~stefan@cust.static.46-14-176-113.swisscomdata.ch] has quit [Quit: Leaving] 10:19 -!- BoomSie [~gideon@dw77242112238.amsterdam-tc.dataweb.net] has quit [Ping timeout: 245 seconds] 10:26 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 10:26 -!- chmig [~chmig@46-126-126-44.dynamic.hispeed.ch] has joined #openvpn 10:30 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 240 seconds] 10:30 -!- corretico [~luis@190.211.93.11] has joined #openvpn 10:30 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets 10:31 -!- boianmiahilov 
[~Adium@87.120.127.238] has joined #openvpn 10:31 -!- boianmiahilov [~Adium@87.120.127.238] has quit [Client Quit] 10:32 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 10:35 -!- corretico [~luis@190.211.93.11] has quit [Max SendQ exceeded] 10:35 -!- corretico [~luis@190.211.93.11] has joined #openvpn 10:41 <@vpnHelper> RSS Update - forum: Block access to Lan but not Internet 10:42 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 10:45 -!- phrearch [~phrearch_@212-182-144-130.ip.telfort.nl] has quit [Remote host closed the connection] 10:47 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 10:59 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Remote host closed the connection] 11:03 <@vpnHelper> RSS Update - forum: How-to: Tunnel WAN IP assigned to specific users 11:04 -!- axelm7 [axelm7@186.135.15.217] has quit [Ping timeout: 272 seconds] 11:07 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 11:12 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 
11:20 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 11:24 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 11:27 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping 11:35 -!- Azrael808 [~peter@212.161.9.162] has quit [Ping timeout: 260 seconds] 11:40 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 11:52 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn 11:53 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has quit [Read error: Connection reset by peer] 11:56 -!- chmig [~chmig@46-126-126-44.dynamic.hispeed.ch] has quit [Quit: chmig] 12:01 -!- JPeterson [HydraIRC@s213-103-209-64.cust.tele2.se] has joined #openvpn 12:03 <@vpnHelper> RSS Update - forum: Client Windows 7 can't run ping || Routed OpenVPN between two subnets 12:15 -!- caemir [~caemir@unaffiliated/caemir] has quit [Quit: Reboot time] 12:15 <@vpnHelper> RSS Update - forum: Block access to Lan but not Internet 12:15 -!- cconstantine [~cconstant@173.247.200.5] has quit [Read error: Connection reset by peer] 12:28 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn 12:31 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 
12:32 -!- Araluccl0 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds]
12:41 -!- KaiForce [~chatzilla@adsl-70-228-66-236.dsl.akrnoh.ameritech.net] has quit [Quit: ChatZilla 0.9.88 [Firefox 9.0.1/20111220165912]]
12:43 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
12:45 <@vpnHelper> RSS Update - forum: Routed OpenVPN between two subnets
12:46 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn
13:00 -!- p3rror [~mezgani@41.137.254.45] has quit [Ping timeout: 252 seconds]
13:04 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
13:08 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn
13:15 -!- noisebleed [~quassel@gentoo/contributor/noisebleed] has quit [Remote host closed the connection]
13:31 -!- Meeloow [~Meeloow@5ED4728D.cm-7-5b.dynamic.ziggo.nl] has joined #openvpn
13:31 < Meeloow> !welcome
13:31 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
13:31 < Meeloow> !goal
13:32 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
13:32 < Meeloow> Hello
13:32 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!]
13:33 < Meeloow> I have an issue with my vpn client, is there someone here who could help me?
13:33 -!- dazo is now known as dazo_afk
13:34 <+EugeneKay> !psychic
13:34 <@vpnHelper> "psychic" is We're not psychic -- please !paste your !configs and !logs and a description of the issue
13:35 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
13:36 < Meeloow> The issue is that I would like to enable split tunneling on my vpn service, I'm using privatetunnel.com which provides 100mb of free vpn service, but in order to preserve bandwidth I want to make it only use the vpn route for a specific IP
13:37 < Meeloow> i've read you can do this serverside, but i have no access to their server, so i haev to do it clientside
13:37 < Meeloow> have*
13:37 <+EugeneKay> You need to play with the routing
13:38 < Meeloow> In the client.ovpn file, right?
13:38 <+EugeneKay> Yup.
13:38 < Meeloow> I'm a total newbie when it comes to vpn, this is my first time using one
13:38 <+EugeneKay> You probably have a "client" or "pull" directive?
13:39 < Meeloow> you mean a folder?
13:39 <+EugeneKay> directive == line inside the .conf/.ovpn
13:39 < Meeloow> oh, let me check
13:40 < Meeloow> yes
13:40 < Meeloow> one line containing "client"
13:41 <+EugeneKay> Mmmkay. That means that your client will be "pull"ing additional configuration stuff from the server when it connects. Most relevant to your situation is that it pulls route info
13:41 <+EugeneKay> What you want to do is ignore that route info and only enact the ones that you specify in your .ovpn
13:41 < Meeloow> Alright
13:42 <+EugeneKay> Add "route-nopull" to do the first, and then "route 1.2.3.4" to do the second.
13:42 <+EugeneKay> Consult the man page for more info on the exact syntax of --route
13:42 <+EugeneKay> !man
13:42 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend!
13:42 <+EugeneKay> You only need to specify the network & netmask parameters, gateway/metric you can omit.
13:44 < Meeloow> I'm lost in the long manual page, heh
13:44 <+EugeneKay> ctrl-f for "--route"
13:44 < Meeloow> --route network/IP [netmask] [gateway] [metric]?
13:44 <+EugeneKay> Yup
13:45 < Meeloow> Alright
13:46 < Meeloow> So route.1.2.3.4
13:46 < Meeloow> Actually
13:46 < Meeloow> I'm lost again
13:47 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has quit []
13:47 <+EugeneKay> Add one route line per subnet block you want to access via the VPN
13:47 < Meeloow> Wait, let me explain exactly why I want to do this
13:48 < Meeloow> I'm playing a game that is hosted on a certain host, but their host is disconnecting IP's from holland (I'm from holland) because of bad routing, and the only way to play without getting disconnected is by using a different route
13:48 < Meeloow> This is why the server owner suggested me to use a vpn server until the issue gets fixed
13:49 < Meeloow> I have absolutely zero knowledge of routing in general
13:49 <+EugeneKay> Is it a single IP you're trying to get access to, or a whole block of them?
13:49 < Meeloow> A single ip, just the ip of the server I want to play on
13:49 < Meeloow> Everything else should go normally, not included in the vpn
13:49 <+EugeneKay> route the.ip.add.res
13:50 < Meeloow> Ah!
13:50 < Meeloow> so just route and then the ip address?
13:50 <+EugeneKay> Yup
13:50 < Meeloow> Alright! Let me try
13:50 < Meeloow> Thanks!
13:50 -!- gremly [~gremly@200.106.218.64] has joined #openvpn
13:53 < Meeloow> whatismyip.com now shows my normal ip
13:54 < Meeloow> I think this did solve the problem
13:54 < Meeloow> Thank you so much!
13:54 <+EugeneKay> Good. ;-)
13:55 -!- eddyst1 [~eddyst@drsd-4db30d35.pool.mediaWays.net] has joined #openvpn
13:55 < Meeloow> ipconfig still shows the vpn ip though
13:56 < Meeloow> Is this normal?
13:56 <+EugeneKay> On the vpn device, yes.
13:58 < Meeloow> But it's still completely disconnected from the vpn server otherwise, right?
13:58 < Meeloow> So it can't eat my bandwidth as long as I'm not in the game
13:58 <+EugeneKay> It's connected, but no traffic is routed to go over it.
13:58 < Meeloow> Awesome
13:58 -!- durando [~quassel@cpe-67-253-41-119.maine.res.rr.com] has joined #openvpn
13:58 < Meeloow> Thanks again!
14:00 < durando> i am having difficulties with the security for openvpn, i have successfully created a ca cert, server cert/key, and 2 client certs/keys, i am able to get client 1 to connect without issues, but client 2 is an android client and keeps asking me for a username / password when i have not set one up can someone please assist me with figuring out this very frustrating issue
14:00 <+EugeneKay> !android
14:00 <@vpnHelper> "android" is (#1) CyanogenMod includes an integrated OpenVPN client. You will need a !p12 to load your certificates. or (#2) If you can't get CM, get root/busybox/tun and grab android-openvpn-installer + openvpn-settings from Market
14:01 <+EugeneKay> The CM client requires you to load the certificate into the phone's cert store
14:01 < durando> hmm
14:01 < durando> well i have cm, and i am using the openvpn settings from market
14:02 < durando> so how do i tell it that it doesn't need the username / password?
14:02 * EugeneKay makes a funny face
14:02 <+EugeneKay> No idea. I don't use that app.
14:02 < durando> i couldn't figure out how to use the built in client
14:03 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
14:03 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
14:03 < durando> would you be willing to assist me in setting up the CM client correctly
14:03 < durando> whats is a !p121
14:03 < durando> whats is a !p12
14:04 < durando> !p12
14:04 <@vpnHelper> "p12" is openssl pkcs12 -export -out filename.p12 -inkey filename.key -in filename.crt -certfile ca.crt
14:04 < durando> hmmm
14:12 < durando> okay so i have a p12 now
14:13 < durando> and i copied it along with the client2.crt and client2.key and a client2.ovpn i created to data/openvpn
14:13 < durando> but i still can't seem to select the certs in the default app in cm under settings>wireless&networks>VPN
14:14 <+EugeneKay> That would be because you don't do any of that in order to use the CM client
14:14 <+EugeneKay> http://wiki.cyanogenmod.com/wiki/OpenVPN#Client
14:14 <@vpnHelper> Title: OpenVPN - CyanogenMod Wiki (at wiki.cyanogenmod.com)
14:20 < durando> hmm
14:20 < durando> okay now i can use it in the internal client
14:20 < durando> but it still asks for a nonexistent username/password
14:21 < durando> not sure if it matters but the openvpn server is on TomatoUSB router firmware
14:23 <+EugeneKay> Don't specify one :-p
14:24 < durando> i'm saying when it connects its telling me that it needs a username/password
14:24 < durando> but it never does it for client1
14:24 < durando> client1 is another tomatousb router
14:26 < durando> i think i may see the issue now
14:29 < durando> just me being stupid
14:29 < durando> i have a connection
14:29 < durando> but i can't seem to communicate from android to the network behind client1
14:29 -!- diffen3 [~diffen@c-4f6601a6-74736162.cust.telenor.se] has joined #openvpn
14:31 <@vpnHelper> RSS Update - forum: Computer Repair...
14:32 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Ping timeout: 248 seconds]
14:41 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has quit [Read error: Connection reset by peer]
14:42 -!- Essobi [~Essobi@74-128-55-37.dhcp.insightbb.com] has joined #openvpn
14:48 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
14:51 -!- chmig [~chmig@46-126-126-44.dynamic.hispeed.ch] has joined #openvpn
14:51 -!- diffen3 [~diffen@c-4f6601a6-74736162.cust.telenor.se] has quit [Ping timeout: 255 seconds]
15:01 <@vpnHelper> RSS Update - forum: Help Creating a Configuration File
15:07 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection]
15:11 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
15:13 -!- p3rror [~mezgani@41.249.138.132] has joined #openvpn
15:16 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection]
15:17 < Araluccl0> hi, I successfully (sort of) configured my openvpn client's traffic to be routed thru my vpn server... that works everywhere but at work... redirect-gateway def1 doesnt work... and traffic is not redirected... any idea why? unfortunately I cant provide any log... using tcpdump I can only see stuff directed > original dns servers and that stops there...
15:18 < Araluccl0> oh... at work... it works perfectly using windows 7 but not using wifi and openvpn on my android...
15:18 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
15:18 < Araluccl0> same configuration on my android works perfectly at home
15:19 <+EugeneKay> Not much that can be done without logs.
15:19 -!- durando [~quassel@cpe-67-253-41-119.maine.res.rr.com] has quit [Remote host closed the connection]
15:20 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
15:22 < Meeloow> EugeneKay?
15:22 <+EugeneKay> Not you
15:23 < Meeloow> My internet radio and msn just disconnected after using the vpn with split tunneling for a while
15:23 < Araluccl0> yes... I see... I hoped it was something known... not only my issue... )
15:23 < Meeloow> Could this be coincidence or could it have to do with the vpn settings?
15:23 <+EugeneKay> Coincidence / international routing issues / space aliens ate your packets. :-p
15:23 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 260 seconds]
15:24 < Meeloow> I did a tracert to google and it's different than normal as well
15:24 < Meeloow> It makes me think some things still go through the vpn for some reason haha
15:25 <@vpnHelper> RSS Update - forum: Build own Installer
15:28 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Read error: Operation timed out]
15:39 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection]
15:44 -!- p3rror [~mezgani@41.249.138.132] has quit [Read error: Connection reset by peer]
15:46 -!- chmig [~chmig@46-126-126-44.dynamic.hispeed.ch] has left #openvpn []
15:53 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
15:55 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn
16:10 -!- SA007 [~sa007@80-69-95-149.colo.transip.net] has joined #openvpn
16:11 < SA007> hi, i could use some help, openvpn complains about not route to host when trying to setup the vpn
16:11 < SA007> but 1 can ping the host just fine, also netcat on the host/port works
16:12 < SA007> where could be the problem, I had the setup working on a different set of ip's 2 days ago, but now i put it into production and it failed horribly without apparent reason
16:13 < SA007> i have a bridge with tap0 bridged to eth0 on one side, and a client with tap0 on the other side, both are configured without any security (plaintext)
16:13 <@vpnHelper> RSS Update - forum: [OK] Simple connection does not work
16:13 < SA007> i have tried udp and tcp, both fail on the same point
16:16 < SA007> also, none of the sides have firewalling, just for testing
16:19 <@vpnHelper> RSS Update - forum: [OK] Simple connection does not work
16:23 < SA007> ok, connection works now, now to get data over it... more debugging
16:23 < SA007> problem was the subnet mask overlaid the server ip
16:23 < SA007> apparently it doesn't like that, but with verb 6 error messages get kind of flushed away
16:32 -!- eddyst1 [~eddyst@drsd-4db30d35.pool.mediaWays.net] has left #openvpn []
16:42 < SA007> is there anybody here?
16:44 <+EugeneKay> Nobody but us rocks.
16:45 -!- wat [~watter@host203.190-30-138.telecom.net.ar] has quit [Ping timeout: 240 seconds]
16:45 < SA007> :)
16:46 < SA007> i'm now struggling with routing
16:46 < SA007> from what i understand this should work, but it doesn't
16:46 < prg3> tcpdump
16:46 < SA007> i've got some stupid setting wrong, but can't find it
16:46 < prg3> use tcpdump, and find where the packets are going between the 2 systems.
16:47 < SA007> i don't even know what i should be looking for
16:48 < prg3> Well, if you built the routes, you should know which packets and traffic should be going out which interface? watch that interface and make sure they leave on it..
16:48 < prg3> Or this is client to server?
16:48 < SA007> what i basically want, i have host 1 which is on 81.x.x.64, and host two which is on 80.x.x.150
16:49 < SA007> and i want host two to also have ip address 81.x.x.61
16:49 < prg3> So vpn in with tap?
16:50 < SA007> i have that, host one is running a bridge between eth0 and tap0, host2 gets in remotely, i have the ip on host2, but the data is not flowing as it should
16:50 < SA007> but i'm puzzling which ip should be at what point in which config
16:50 < prg3> I'm not sure about tap.. everything I've done is tun, it makes more sense to me.
16:51 < SA007> should both ifconfig lines be identical, what about the netmask, by hosting provider says 255.255.255.128, but with that i can't get the tunnel going
16:52 < prg3> the ifconfigs should be different IP addresses for sure..
16:52 < prg3> I'm really not sure at all about weirdnesses with tap. What I'd do is setup a backend network and use tun to route to that.. which is your server?
16:52 < SA007> you'd think so, but it gives an error message on that
16:52 < SA007> both are mine
16:53 < prg3> In the OpenVPN context, which is the server and which is the client?
16:53 < SA007> 81.x.x.64 is the server, 80.x.x.150 is the client
16:54 < prg3> Personally, I'd setup .64 with tap, use 10.0.0.0/24 as your backend network, and then it'll assign an IP to 150 on the 10 when it connects.
16:54 < prg3> I can't help with bridging, it frightens me :)
16:54 <@vpnHelper> RSS Update - forum: I connect but I see the network
16:54 < SA007> but that doesn't give me the externally visible 81.x.x.61 i need
16:55 < SA007> i had it fully working 2 days ago, but now the netmasks overlap and apparently openvpn really doesn't like that
16:55 < prg3> Oh…
16:56 < prg3> I'm not sure at all with this one.. Probably best to ask the question on anytime not Friday afternoon/evening though :)
16:56 < prg3> I gotta run myself.
16:56 < SA007> yeah, i'd wish i'd had time on a normal hour to move my server, but i don't
16:56 < SA007> really really tired here and still 1,5 hours drive from home...
16:57 < prg3> Ouch
16:57 < prg3> Good luck!
16:57 < SA007> and the damn tunnel isn't working so my websites are down
16:57 < SA007> thanks
16:57 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
16:58 -!- wat [~watter@host14.201-252-209.telecom.net.ar] has joined #openvpn
17:06 < SA007> no one here who knows how to get bridging working?
17:09 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
17:09 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
17:12 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
17:12 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
17:13 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
17:15 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn
17:15 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
17:15 <+EugeneKay> Nope. Bridging is evil and vile.
17:16 < SA007> i agree, but i need to get stuff temporarily working :P
17:16 < SA007> now trying something else evil
17:16 < SA007> prying all used ports using ssh commandline options
17:18 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
17:20 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds]
17:21 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn
17:21 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
17:26 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds]
17:27 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
17:29 -!- pimperle [~pimp@194.59.156.81] has joined #openvpn
17:29 < pimperle> hallo everyone
17:30 < pimperle> when using openvpn with the --redirect-gateway option, it does not create a host route to the openvpn server before tearing down the default route
17:30 < pimperle> hence the connection does not work
17:31 < pimperle> i am using a certificate to login and without redirect-gateway the local addresses get forwarded as expected
17:36 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
17:36 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn
17:37 -!- defsdoor [~andy@cpc17-sutt4-2-0-cust175.perr.cable.virginmedia.com] has quit [Quit: Ex-Chat]
17:37 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6]
17:38 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
17:38 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
17:41 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn
17:41 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
17:41 -!- coagula [~coagula@207.204.240.195] has joined #openvpn
17:42 -!- coagula [~coagula@207.204.240.195] has quit [Client Quit]
17:46 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
17:46 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
17:50 -!- tekzilla [~jon@hmbg-4d06f59f.pool.mediaWays.net] has quit [Ping timeout: 260 seconds]
17:51 -!- oc80z [oc80z@blea.ch] has quit [Changing host]
17:51 -!- oc80z [oc80z@openvpn/user/oc80z] has joined #openvpn
17:52 -!- tekzilla [~jon@hmbg-4d06b96a.pool.mediaWays.net] has joined #openvpn
17:53 -!- SA007 [~sa007@80-69-95-149.colo.transip.net] has quit [Quit: leaving]
17:53 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn
17:55 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds]
17:55 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
17:55 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
18:00 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn
18:00 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds]
18:02 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn
18:06 <@vpnHelper> RSS Update - forum: New installation on Vmware esxi 5.0 - use appliance or not?
18:07 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds]
18:08 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
18:14 -!- Araluccl1 [~lallo@216.231.135.109] has joined #openvpn
18:14 -!- dkr [~dkr@67.132.255.16] has quit [Ping timeout: 252 seconds]
18:14 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 260 seconds]
18:15 -!- wat [~watter@host14.201-252-209.telecom.net.ar] has quit [Ping timeout: 240 seconds]
18:17 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds]
18:18 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
18:21 -!- Araluccl1 [~lallo@216.231.135.109] has quit [Ping timeout: 252 seconds]
18:21 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn
18:27 -!- wat [~watter@host73.201-252-193.telecom.net.ar] has joined #openvpn
18:38 -!- MeanderingCode_ [~Meanderin@97-123-14-239.albq.qwest.net] has joined #openvpn
18:39 -!- MeanderingCode [~Meanderin@97-123-14-239.albq.qwest.net] has quit [Ping timeout: 252 seconds]
18:49 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn
18:49 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
18:53 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
18:53 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
19:01 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn
19:01 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
19:12 -!- koaschten_ [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn
19:14 -!- JackWinter2 [~jack@ppp-289.vo.lu] has joined #openvpn
19:15 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Read error: Operation timed out]
19:15 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 272 seconds]
19:16 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Ping timeout: 240 seconds]
19:19 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
19:19 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
19:25 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn
19:25 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
19:25 -!- newl [~newl@97.75.165.156] has joined #openvpn
19:25 -!- newl [~newl@97.75.165.156] has quit [Client Quit]
19:27 -!- newl [~newl@97.75.165.156] has joined #openvpn
19:28 -!- Araluccl0 [~lallo@151.77.231.209] has joined #openvpn
19:28 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
19:32 -!- Araluccl1 [~lallo@151.77.231.209] has joined #openvpn
19:32 -!- Araluccl0 [~lallo@151.77.231.209] has quit [Read error: Connection reset by peer]
19:38 -!- newl [~newl@97.75.165.156] has left #openvpn []
19:56 -!- APTX [APTX@unaffiliated/aptx] has quit [Ping timeout: 252 seconds]
19:57 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn
20:00 -!- Meeloow [~Meeloow@5ED4728D.cm-7-5b.dynamic.ziggo.nl] has quit [Quit: Ik ga weg]
20:43 <@vpnHelper> RSS Update - forum: OpenVPN + OSX + Viscosity Error
20:48 -!- zeshoem [~zee@108.162.156.19] has joined #openvpn
21:04 -!- Denial [Denial@drgi.co.uk] has quit []
21:09 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
21:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
21:41 -!- DrArcheh [~drarcheh@85.214.227.198] has quit [Changing host]
21:41 -!- DrArcheh [~drarcheh@unaffiliated/drarcheh] has joined #openvpn
22:00 -!- JoeK [~Joseph@node1-eros.hostftw.com] has quit [Quit: ZNC - http://znc.in]
22:04 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
22:05 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
22:06 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep]
23:14 -!- wat [~watter@host73.201-252-193.telecom.net.ar] has quit [Ping timeout: 240 seconds]
23:24 -!- raidz [~raidz@openvpn/corp/admin/andrew] has quit [Ping timeout: 252 seconds]
23:28 -!- wat [~watter@host46.200-117-224.telecom.net.ar] has joined #openvpn
--- Day changed Sat Jan 21 2012
00:08 -!- durando [~quassel@cpe-67-253-41-119.maine.res.rr.com] has joined #openvpn
00:14 -!- durando_ [~quassel@cpe-67-253-41-119.maine.res.rr.com] has joined #openvpn
00:33 -!- durando [~quassel@cpe-67-253-41-119.maine.res.rr.com] has quit [Remote host closed the connection]
00:43 -!- Gravitro_ [~admin@69.163.40.45] has quit [Ping timeout: 252 seconds]
00:49 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
00:51 -!- sW0rd7_indie [~sW0rd7_in@c-68-61-162-175.hsd1.mi.comcast.net] has joined #openvpn
00:54 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
00:58 -!- sW0rd7_indie [~sW0rd7_in@c-68-61-162-175.hsd1.mi.comcast.net] has quit []
01:05 <@vpnHelper> RSS Update - forum: Specifying external IP pool and custom port per client.
01:06 -!- koaschten_ [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 248 seconds]
01:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
01:15 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
01:19 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
01:20 -!- ScriptFanix [~vincent@Hanaman.riquer.fr] has joined #openvpn
01:43 -!- ScriptFanix [~vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
01:44 -!- `Ile` [~kvirc@91-150-99-228.dynamic.isp.telekom.rs] has joined #openvpn
01:53 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:04 -!- diemaco [~doom@2001:470:1d:5d8:4c8e:9396:7d4a:cdc3] has quit [Read error: Connection reset by peer]
02:05 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
02:08 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:10 -!- wat [~watter@host46.200-117-224.telecom.net.ar] has quit [Ping timeout: 240 seconds]
02:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
02:24 -!- wat [~watter@host134.186-125-77.telecom.net.ar] has joined #openvpn
02:34 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:41 -!- mjbots [~thutomj@168.167.176.49] has joined #openvpn
02:43 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
02:46 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:53 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
02:57 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
02:58 < mjbots> !welcome
02:58 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict)
02:59 < mjbots> !goal
02:59 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
03:02 < mjbots> 1. Which hardware devices does openvpn require?
03:05 < mjbots> 2. Do I need to have a public static IP for the office and at home?
03:06 < mjbots> 3. Do I have to purchase a firewall like cisco asa firewall or a standard modem provided by ISP will work just fine?
03:08 < mjbots> 4. What kind of support does openvpn team offer except for software updates?
03:11 < mjbots> 5. Does the openvpn also offer installations, configurations and implementation remotely? What are charges?
03:14 <+EugeneKay> Any x86-like hardware
03:15 <+EugeneKay> The server needs to have a public IP. The client can be behind any UDP or TCP-passing NAT device
03:15 <+EugeneKay> Firewalling is up to you. Linux's iptables works well.
03:16 <+EugeneKay> The same provided by most GPL projects - man pages and volunteers on the mailing list. You can buy support/services from OpenVPN Technologies, the company behind most development on the project.
03:16 <+EugeneKay> Not as such, but you can find consultants willing to do such, or purchase OpenVPN-AS, which is OpenVPN Tech's hosted product.
03:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
03:18 <+EugeneKay> Addendum to the first - you can run openvpn on anything that it'll compile for, but x86 and x86-64 linux distros or BSD are the most common. It's also available for Android, and ARM router firmwares such as Tomato and OpenWRT. If you want high speed you'll want a commodity *nix server, though.
03:30 <+EugeneKay> mjbots - yurp, but please try to keep it in-channel
03:30 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
03:35 < mjbots> So that is to say, from the ISP to the openvpn_server (with 2 nic ports - external and internal) right!
03:36 < mjbots> But what if the ISP doesnt offer static IP address to public?
03:36 <+EugeneKay> Then there's not much you can do to get incoming access.
03:36 < mjbots> Will it work if I use some service like dyndns
03:37 <+EugeneKay> That only serves to give you a static hostname on your dynamic IP. You still need to be able to receive the incoming UDP or TCP connection.
03:38 <+EugeneKay> That means a public IP.
03:38 <+EugeneKay> You can use an external VPN server to route your way in, but that takes a VPS or such someplace
03:38 <@vpnHelper> RSS Update - forum: [Help] Problem To Connect to the Server || Remote Desktop
03:39 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
03:40 < mjbots> That's where the OpenVPN-AS comes into play?
03:41 <+EugeneKay> If you want them to host it, sure. But I really don't even know if it's possible to do it with them - I've not used AS.
03:42 < mjbots> But now in my case, I do not think the ISP will give me a static IP? Maybe they are going to require the company to get a leased line, is that so?
03:43 <+EugeneKay> Depends upon the carrier, but a leased line had damn well better come with a static public IP, for the kinda prices you pay.
03:48 < mjbots> I am currently trying to get hold of ISP to see if it's possible to get a static IP
04:23 -!- master_of_master [~master_of@p57B55AFA.dip.t-dialin.net] has quit [Read error: Operation timed out]
04:24 -!- master_of_master [~master_of@p57B55616.dip.t-dialin.net] has joined #openvpn
05:24 -!- Araluccl0 [~lallo@151.77.77.173] has joined #openvpn
05:26 -!- Araluccl1 [~lallo@151.77.231.209] has quit [Ping timeout: 252 seconds]
05:31 <@vpnHelper> RSS Update - forum: hi
05:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
05:49 -!- jameslordhz [~jack@125.109.172.245] has joined #openvpn
05:52 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
05:52 -!- mode/#openvpn [+v s7r] by ChanServ
06:10 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
06:20 <@vpnHelper> RSS Update - forum: Route problems in Windows 7/2008 (SOLVED)
06:21 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds]
06:22 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
06:24 -!- style [style@vpn.ilric.org] has quit [Quit: leaving]
06:26 -!- axelm7 [~axelm7@186.135.14.163] has joined #openvpn
06:31 -!- `Ile` [~kvirc@91-150-99-228.dynamic.isp.telekom.rs] has quit [Read error: Operation timed out]
06:34 -!- esters [50e8ea11@gateway/web/freenode/ip.80.232.234.17] has joined #openvpn
06:34 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
06:37 -!- tjz [~pc@unaffiliated/tjz] has quit [Quit: bbl.]
06:43 -!- esters [50e8ea11@gateway/web/freenode/ip.80.232.234.17] has quit [Ping timeout: 258 seconds]
06:45 -!- jameslordhz [~jack@125.109.172.245] has quit [Ping timeout: 240 seconds]
06:45 -!- `Ile` [~kvirc@109-93-12-95.dynamic.isp.telekom.rs] has joined #openvpn
07:01 -!- `Ile` [~kvirc@109-93-12-95.dynamic.isp.telekom.rs] has quit [Quit: Changing server...]
07:02 -!- `Ile` [~kvirc@109-93-12-95.dynamic.isp.telekom.rs] has joined #openvpn
07:03 -!- sunzofma1 [~sunzofman@c-76-112-187-140.hsd1.mi.comcast.net] has joined #openvpn
07:03 < sunzofma1> greetz
07:04 -!- axelm8 [~axelm7@186.135.14.163] has joined #openvpn
07:05 -!- jameslordhz [~jack@125.109.172.245] has joined #openvpn
07:07 -!- axelm7 [~axelm7@186.135.14.163] has quit [Ping timeout: 252 seconds]
07:08 -!- esters [50e8ea11@gateway/web/freenode/ip.80.232.234.17] has joined #openvpn
07:08 < esters> Hi, I would like to know how to properly set up an openvpn setup (2.1.4) between two routers and different subnets, the server is 192.168.1.1 / 255.255.255.0 - http://pastebin.com/qBsm5G4E and client 192.168.2.1 / 255.255.255.0 - http://pastebin.com/aY4eBmHQ when i applied the settings above my client router hung and i had to do a hard reset and disable openvpn.
07:12 <@vpnHelper> RSS Update - forum: How do I make client work with certificate?
07:31 -!- esters [50e8ea11@gateway/web/freenode/ip.80.232.234.17] has quit [Ping timeout: 258 seconds] 07:47 -!- zeshoem [~zee@108.162.156.19] has quit [Ping timeout: 240 seconds] 07:47 <@vpnHelper> RSS Update - forum: Howto run multiple client connection using single daemon 07:50 < hyper_ch> krzee: http://i43.tinypic.com/t7omww.jpg 08:21 -!- axelm7 [axelm7@186.135.14.163] has joined #openvpn 08:22 -!- axelm8 [~axelm7@186.135.14.163] has quit [Ping timeout: 240 seconds] 08:41 -!- jameslordhz [~jack@125.109.172.245] has quit [Ping timeout: 252 seconds] 08:43 -!- kofi is now known as matsim 08:50 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has joined #openvpn 08:55 -!- vlt [~dm@suez.activ-job.com] has quit [Remote host closed the connection] 08:59 < sunzofma1> are there existing bash scripts which help automate the client key generating process. perhaps one that uses expect? 09:00 < hyper_ch> sunzofma1: there will be - as soon as you write one :) 09:00 < hyper_ch> it shouldn't be too hard to generate such thing 09:01 < sunzofma1> building keys manually can be a grind when you have 20-30 users ;-) 09:01 < sunzofma1> hyper_ch: point well taken 09:01 < hyper_ch> probably make a user.txt file 09:01 < hyper_ch> each line a new key 09:01 < hyper_ch> and a bash script that loops through the entries and creates the keys 09:01 < rob0> In the imaginary world, the way it ought to work, users would generate their own keys and send a CSR to you. 09:02 < rob0> I know that's not how it really works, though. 
09:02 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn [] 09:03 < sunzofma1> hyper_ch: just didn't want re-invent if not necessary 09:03 < hyper_ch> sunzofma1: and don't forget to publish it :) 09:04 < sunzofma1> hyper_ch: indeed 09:09 -!- eddyst [~eddyst@drsd-4dbdadfa.pool.mediaWays.net] has joined #openvpn 09:09 -!- eddyst [~eddyst@drsd-4dbdadfa.pool.mediaWays.net] has left #openvpn [] 09:09 -!- `Ile` [~kvirc@109-93-12-95.dynamic.isp.telekom.rs] has quit [Remote host closed the connection] 09:17 -!- pierreghz [~pierreghz@cust-160-62-111-94.dyn.as47377.net] has joined #openvpn 09:24 <@vpnHelper> RSS Update - forum: Static IP Windows Please 09:26 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 09:29 -!- jameslordhz [~jack@125.109.172.245] has joined #openvpn 09:36 -!- jameslordhz [~jack@125.109.172.245] has quit [Ping timeout: 240 seconds] 09:37 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has quit [Quit: У меня есть более важные дела, чем холостой здесь.] 09:40 -!- JoeGazz84 [~JoeGazz84@TechEssentials/JoeGazz84] has joined #openvpn 09:51 -!- jameslordhz [~jack@125.109.172.245] has joined #openvpn 09:52 < jameslordhz> hi all 09:52 < jameslordhz> i face a strange problem 09:52 < jameslordhz> i need help 09:53 <+EugeneKay> !psychic 09:53 <@vpnHelper> "psychic" is We're not psychic -- please !paste your !configs and !logs and a description of the issue 10:00 -!- jameslordhz [~jack@125.109.172.245] has quit [Ping timeout: 260 seconds] 10:01 -!- jameslordhz [~jack@125.109.172.245] has joined #openvpn 10:01 * Olipro muses as to whether the "strange problem" is related to that ping timeout 10:07 < rob0> numerous ping timeouts! 
10:08 < rob0> 14:41, 15:36, 16:00 UTC 10:09 < Olipro> and all within a range of 240-260 10:09 < Olipro> you'd think that if you wanted help with a faulty connection, you wouldn't try to get that help over said connection 10:09 -!- axelm7 [axelm7@186.135.14.163] has quit [Ping timeout: 252 seconds] 10:12 < jameslordhz> EugeneKay, dude, my dhcp on lan is 192.168.1.0/24, but when i connect that router, the ip i get is 10.10.52.102, god, what a hell that is, the ip should be in 192.168.1.0/24 10:13 < jameslordhz> EugeneKay i connect the wan port of my router to another router whose dhcp range is in 10.10.52.0/24 10:13 < jameslordhz> dude, wrong channel:( 10:13 < rob0> A problem indeed, but how is that related to the topic of #openvpn? 10:13 < rob0> ah :) 10:16 < Olipro> I think his problem is OpenWRT related 10:18 -!- Olipro is now known as Llamafarmers 10:22 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has quit [Quit: Verlassend] 10:27 -!- Llamafarmers is now known as Olipro 10:29 -!- durando_ [~quassel@cpe-67-253-41-119.maine.res.rr.com] has quit [Remote host closed the connection] 10:50 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has joined #openvpn 10:58 -!- sunzofma1 [~sunzofman@c-76-112-187-140.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer] 11:02 -!- UnterPerro [~UnterPerr@c-174-61-29-146.hsd1.fl.comcast.net] has quit [Quit: UnterPerro lives to save another day] 11:06 <+EugeneKay> Why would I care at all? 
11:07 < hyper_ch> EugeneKay: because you're a caring person 11:10 <+EugeneKay> u funny bro 11:12 < hyper_ch> :) 11:24 -!- catsup [d@ps38852.dreamhost.com] has quit [Read error: Connection reset by peer] 11:24 -!- catsup [d@ps38852.dreamhost.com] has joined #openvpn 11:34 -!- [zs] [~zs@94.76.206.194] has joined #openvpn 11:38 -!- guifort [~guifort@ALille-554-1-80-165.w90-47.abo.wanadoo.fr] has joined #openvpn 11:38 < guifort> Hello All 11:44 < guifort> I have a small question, for the redirect gateway option 11:47 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 11:47 < guifort> I use OpenVPN on some network like 3G Network or WiMax Network, but on some connection the gateway isn't in the same subnet as the IP address like, IP : 41.201.X.X / 255.255.255.0 and the gateway is 172.20.6.1 11:49 < guifort> When I configure the redirect gateway option with or without def1 , the route add failed because the gateway isn't in the same subnet, ( Windows error) have you a solution ? 11:50 < dioz> run as administrator 11:50 < dioz> i actually don't know 11:50 < dioz> disregard that statement 11:51 < guifort> I am at administrator the problem is the same on XP or 7 system 11:52 < guifort> If I try to add a route manually with cmd it fails also, because the subnet isn't the same :/ 11:59 -!- amir [~amir@unaffiliated/amir] has quit [Remote host closed the connection] 12:00 -!- amir [~amir@unaffiliated/amir] has joined #openvpn 12:02 < dioz> i administer a big network 12:02 < dioz> i hate it 12:14 < catsup> you need to have a route for the gateway 12:14 < catsup> like a host route or whatever 12:15 < catsup> you cannot route over an IP you don't have another route to 12:16 < guifort> yes ... 
but it's work for the internet access it's strange network with this wimax provider 12:19 -!- [zs] [~zs@94.76.206.194] has left #openvpn ["PING 1327169971"] 12:28 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has joined #openvpn 12:28 -!- Axeman [~Axeman3@pool-173-52-72-139.nycmny.fios.verizon.net] has quit [Changing host] 12:28 -!- Axeman [~Axeman3@openvpn/user/axeman] has joined #openvpn 12:28 -!- mode/#openvpn [+v Axeman] by ChanServ 12:31 -!- Axeman [~Axeman3@openvpn/user/axeman] has left #openvpn [] 12:37 <@vpnHelper> RSS Update - forum: Which one better 12:39 -!- zz_mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Quit: ZNC - http://znc.in] 12:40 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn 12:44 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 12:46 -!- axelm7 [axelm7@186.135.14.163] has joined #openvpn 12:46 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 13:01 <@vpnHelper> RSS Update - forum: User Auth for VPN 13:49 <@vpnHelper> RSS Update - forum: Bought OpenVPN during the week now it won't work 13:58 < jpsil> Hey, can somebody help me with setting up OVPN? 14:01 < dioz> help you what with setting up openvpn? 14:06 -!- Araluccl0 [~lallo@151.77.77.173] has quit [Ping timeout: 252 seconds] 14:15 -!- `Ile` [~kvirc@93-86-248-49.dynamic.isp.telekom.rs] has joined #openvpn 14:15 < Essobi> ecrist: luls. I figured out that weird CCD thing. :| 14:30 -!- JackWinter2 [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 
14:34 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 14:38 -!- Shishire [~emperorsh@pdpc/supporter/student/shishire] has joined #openvpn 14:39 -!- Araluccl0 [~lallo@151.77.77.173] has joined #openvpn 14:42 -!- oc80z [oc80z@openvpn/user/oc80z] has quit [Excess Flood] 14:43 -!- oc80z [oc80z@blea.ch] has joined #openvpn 14:59 -!- anonsolal [~solal@cxr69-2-87-91-63-89.dsl.sta.abo.bbox.fr] has joined #openvpn 14:59 < anonsolal> o/ 15:00 < anonsolal> I've just installed openvpn, how do I use it ? 15:00 < anonsolal> I'm on Linux Mint 15:01 < anonsolal> !welcome 15:01 <@vpnHelper> "welcome" is Start with !goal || we may need !logs and !configs and maybe !interface to help you. || See !howto for beginners. || See !route for lans behind openvpn. || !redirect for sending inet traffic through the server. || Also interesting: !man !/30 !topology !iporder !sample !forum !wiki !mitm || Don't use 192.168.1.0/24 or 192.168.0.0/24 (too much potential for conflict) 15:02 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn 15:08 < Olipro> hello, I've just bought a computer, how do I use it? 
15:09 * Olipro pushes EugeneKay's "On" button 15:24 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has quit [Quit: Ex-Chat] 15:29 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has joined #openvpn 15:33 -!- guifort [~guifort@ALille-554-1-80-165.w90-47.abo.wanadoo.fr] has quit [Quit: Quitte] 16:01 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Ping timeout: 252 seconds] 16:15 -!- p3rror [~mezgani@41.248.198.247] has joined #openvpn 16:19 -!- anonsolal [~solal@cxr69-2-87-91-63-89.dsl.sta.abo.bbox.fr] has quit [Ping timeout: 245 seconds] 16:21 -!- kaiyou [~kaiyou_fn@blitzen.pierre.jaury.eu] has joined #openvpn 16:23 -!- pierreghz [~pierreghz@cust-160-62-111-94.dyn.as47377.net] has quit [Ping timeout: 248 seconds] 16:27 -!- pierreghz [~pierreghz@cust-160-62-111-94.dyn.as47377.net] has joined #openvpn 16:27 -!- pierreghz [~pierreghz@cust-160-62-111-94.dyn.as47377.net] has quit [Read error: Connection reset by peer] 16:30 -!- anonsolal [~solal@cxr69-2-87-91-63-89.dsl.sta.abo.bbox.fr] has joined #openvpn 16:32 <@vpnHelper> RSS Update - forum: Problems with OpenVPN 2.2.2 on Windows Server 16:36 -!- anonsolal [~solal@cxr69-2-87-91-63-89.dsl.sta.abo.bbox.fr] has quit [Quit: Quitte] 16:46 -!- Shishire [~emperorsh@pdpc/supporter/student/shishire] has quit [] 16:50 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection] 17:02 -!- treund [~treund@97.75.177.42] has joined #openvpn 17:27 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Ping timeout: 272 seconds] 17:34 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 17:38 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 17:48 -!- tekzilla [~jon@hmbg-4d06b96a.pool.mediaWays.net] has quit [Read error: Operation timed out] 17:48 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Remote host closed the connection] 17:48 -!- Araluccl1 [~lallo@151.77.253.164] has joined #openvpn 17:49 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 17:50 -!- Araluccl0 
[~lallo@151.77.77.173] has quit [Ping timeout: 252 seconds] 17:51 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Client Quit] 17:52 -!- tekzilla [~jon@hmbg-4d06a2b2.pool.mediaWays.net] has joined #openvpn 17:53 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 17:55 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has joined #openvpn 18:14 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 18:14 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has left #openvpn [] 18:15 -!- bestNameEver [~h4x0r@unaffiliated/respekt] has joined #openvpn 18:15 < bestNameEver> hi all 18:15 < bestNameEver> im interested in making my own openvpn driver for windows 18:15 < bestNameEver> could i get some basic pointers on how to configure my options and build for win7 please? 18:16 < bestNameEver> have looked everywhere and kinda feeling abstract 18:20 < Olipro> having the Windows Driver Kit would be a good start 18:21 -!- p3rror [~mezgani@41.248.198.247] has quit [Ping timeout: 240 seconds] 18:24 < bestNameEver> yes i have it installed :) 18:24 < bestNameEver> im in the tap-win32 directory, but im not sure what to do exactly from here 18:24 < bestNameEver> i issued the build command, i dont believe it compiled anything tho lol 18:24 < bestNameEver> help much appreciated Olipro 18:26 < Olipro> why do you think it didn't do anything? 18:27 < Olipro> you should now have a .sys file 18:27 < bestNameEver> i figure i need to alter some config.h settings or something? 18:27 -!- Araluccl0 [~lallo@151.77.193.131] has joined #openvpn 18:27 < bestNameEver> i issued x86 build but im on x64 but i doubt that would make a huge diff 18:28 < Olipro> it does if you want to actually use the driver under x64 18:28 < Olipro> the version that gets compiled depends on the WDK environment you launch 18:29 < bestNameEver> the thing is no compilation seems to take place.. 18:29 < Olipro> go to tap dir -> make 18:30 < bestNameEver> makefile:6: *** missing separator. Stop. 
18:30 -!- Araluccl1 [~lallo@151.77.253.164] has quit [Ping timeout: 252 seconds] 18:33 -!- jpsil [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has left #openvpn [] 18:34 -!- p3rror [~mezgani@41.140.172.97] has joined #openvpn 18:34 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Read error: Connection reset by peer] 18:34 -!- BoomSie [~gideon@84-245-27-118.dsl.cambrium.nl] has quit [Quit: Ex-Chat] 18:35 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 18:35 -!- Araluccl1 [~lallo@151.77.204.35] has joined #openvpn 18:35 < bestNameEver> Olipro, can u help me with this? 18:37 -!- Araluccl0 [~lallo@151.77.193.131] has quit [Ping timeout: 252 seconds] 18:37 < Olipro> either there's something wrong with the makefile (presumably not) or your environment isn't configured correctly 18:37 < Olipro> and I really do not feel like poring through the myriad possibilities the latter could entail 18:38 -!- Araluccl0 [~lallo@151.77.207.200] has joined #openvpn 18:38 < bestNameEver> ok.. 18:38 < bestNameEver> i renamed SOURCES.in to sources and got a few errors now. 18:38 < bestNameEver> cant find autodefs.h 18:40 -!- Araluccl1 [~lallo@151.77.204.35] has quit [Ping timeout: 252 seconds] 18:42 < bestNameEver> might need some deps like pkcs-11 18:42 < bestNameEver> idk, documented much? 18:43 <@vpnHelper> RSS Update - forum: multiple disconnects while sftp'ing over an openvpn channel 18:43 < bestNameEver> thx 18:43 -!- Araluccl1 [~lallo@151.77.215.37] has joined #openvpn 18:44 -!- Araluccl0 [~lallo@151.77.207.200] has quit [Ping timeout: 252 seconds] 18:44 < bestNameEver> um ok so can anybody help me with some win32 make assistance win7 ? 
18:47 < bestNameEver> maybe i need perl lol 18:50 -!- Araluccl0 [~lallo@151.77.223.143] has joined #openvpn 18:52 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Connection reset by peer] 18:52 -!- Araluccl1 [~lallo@151.77.215.37] has quit [Ping timeout: 252 seconds] 18:53 -!- Araluccl1 [~lallo@151.77.227.161] has joined #openvpn 18:55 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 18:55 -!- Araluccl0 [~lallo@151.77.223.143] has quit [Ping timeout: 252 seconds] 18:56 -!- bestNameEver [~h4x0r@unaffiliated/respekt] has left #openvpn [] 19:00 -!- Araluccl0 [~lallo@151.77.235.55] has joined #openvpn 19:01 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 19:01 < h4x0r`> Olipro, im back 19:02 -!- Araluccl1 [~lallo@151.77.227.161] has quit [Ping timeout: 252 seconds] 19:02 < Olipro> I thought you were over at #ipv6 19:07 -!- Araluccl1 [~lallo@151.77.244.124] has joined #openvpn 19:10 -!- Araluccl0 [~lallo@151.77.235.55] has quit [Ping timeout: 252 seconds] 19:19 -!- Araluccl0 [~lallo@151.77.129.130] has joined #openvpn 19:20 < h4x0r`> i will be soon champ 19:22 -!- Araluccl1 [~lallo@151.77.244.124] has quit [Ping timeout: 252 seconds] 19:24 -!- Araluccl1 [~lallo@151.77.134.123] has joined #openvpn 19:25 -!- Denial [Denial@drgi.co.uk] has quit [] 19:27 -!- Araluccl0 [~lallo@151.77.129.130] has quit [Ping timeout: 252 seconds] 19:30 < h4x0r`> alright so still no luck customising this driver or building it for use with my own application 19:35 < Olipro> I hate to break this to you, but, even if you get it to build for x64, you still have the issue of signing the driver 19:35 < Olipro> or you can disable driver signing enforcement 19:35 < h4x0r`> i dont plan on distributing it 19:36 < h4x0r`> if u tell how to build it ill work on signing it then lol 19:39 -!- treund [~treund@97.75.177.42] has left #openvpn [] 19:40 < rob0> You would probably do better asking in a channel for your build environment. 
Most of us here don't even use Windows. 19:41 < rob0> How to compile something in Windows is not really an openvpn issue, even if you happen to be compiling openvpn. 19:45 < rob0> One thing that might be on topic here, although I doubt we'd have much to say about it, would be why you want to build your own tap driver rather than use the distributed binary. 19:45 < h4x0r`> well thanks for the explanation i really appreciate :) 19:45 < h4x0r`> it* 19:46 -!- `Ile` [~kvirc@93-86-248-49.dynamic.isp.telekom.rs] has quit [Remote host closed the connection] 19:47 < h4x0r`> rob0, ive always wanted to investigate building my own drivers.. its just a learning curve, thanks to all concerned for that chat, sorry about the random issue, i should be able to get this sorted, i was just thinking there should be more coverage on a win32 build, anyway thx again 19:48 < rob0> You can probably learn a lot just from reading and experimenting with the source code. 19:49 < h4x0r`> Absolutely - thats my next form of targeted approach, heh 19:49 < rob0> good luck 20:11 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6] 20:25 -!- Araluccl0 [~lallo@151.77.188.15] has joined #openvpn 20:28 -!- Araluccl1 [~lallo@151.77.134.123] has quit [Ping timeout: 252 seconds] 20:37 -!- Araluccl1 [~lallo@151.77.199.79] has joined #openvpn 20:39 -!- Araluccl0 [~lallo@151.77.188.15] has quit [Ping timeout: 252 seconds] 20:41 -!- Araluccl0 [~lallo@151.77.202.149] has joined #openvpn 20:43 -!- Araluccl1 [~lallo@151.77.199.79] has quit [Ping timeout: 252 seconds] 20:54 -!- axelm7 [axelm7@186.135.14.163] has quit [Ping timeout: 255 seconds] 21:02 -!- Araluccl1 [~lallo@151.77.218.175] has joined #openvpn 21:04 -!- Araluccl0 [~lallo@151.77.202.149] has quit [Ping timeout: 252 seconds] 21:06 -!- Araluccl0 [~lallo@151.77.221.143] has joined #openvpn 21:08 -!- Araluccl1 [~lallo@151.77.218.175] has quit [Ping timeout: 252 seconds] 21:14 -!- MeanderingCode_ [~Meanderin@97-123-14-239.albq.qwest.net] has 
quit [Ping timeout: 240 seconds] 21:19 -!- treund [~treund@97.75.177.42] has joined #openvpn 21:31 < h4x0r`> guys srsrly having a nightmare 21:31 < h4x0r`> is there an easy way to compile openvpn under win32? 21:33 < h4x0r`> am i supposed to build dependencies and edit settings.in 21:33 < h4x0r`> whats the story with it 21:36 < treund> just get a prebuilt 21:37 < h4x0r`> i want to build my own driver 21:37 < h4x0r`> it shouldnt be this , random :p 21:37 < h4x0r`> installing mingw, maybe itll be more effective than perl 21:37 < h4x0r`> the thing is nothings mentioned about settings.in or anything, so im not sure what steps im actually missing . 21:38 < treund> you are trying to build openvpn from source using perl?? 21:38 < h4x0r`> just the tap-win32 driver mate 21:38 < h4x0r`> thats all i need.. 21:39 < h4x0r`> this says download source, cd tap-win32, issue 'build' command from wdk 21:39 < h4x0r`> http://www.varsanofiev.com/inside/using_tuntap_under_windows.htm 21:39 <@vpnHelper> Title: Using tuntap under Windows (at www.varsanofiev.com) 21:39 < treund> http://i3.cs.berkeley.edu/impl/win/tap-win32.html 21:39 <@vpnHelper> Title: TAP-Win32 driver installation (at i3.cs.berkeley.edu) 21:40 < h4x0r`> treund, lulz yes thank you, but i need to build my own 21:42 -!- JackWinter [~jack@ppp-289.vo.lu] has quit [Quit: Konversation terminated!] 21:47 < h4x0r`> omfg. 
21:47 < h4x0r`> mingw worked first hit 21:47 -!- JackWinter [~jack@ppp-289.vo.lu] has joined #openvpn 21:55 -!- ph1l [~ph1l@pdpc/supporter/active/ph1l] has quit [Ping timeout: 248 seconds] 21:57 -!- treund [~treund@97.75.177.42] has quit [Quit: leaving] 22:12 -!- Guy1 [~JustMe@75-130-166-114.static.hlrg.nc.charter.com] has joined #openvpn 22:16 -!- Guy1 is now known as me 22:16 -!- me is now known as Guest4572 22:18 -!- Guest4572 [~JustMe@75-130-166-114.static.hlrg.nc.charter.com] has quit [Quit: Leaving] 22:38 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has joined #openvpn 22:39 < kokozedman> hey guys... what's the best way to really speed-up the negotiation between server/client? 22:39 < kokozedman> i'm trying to implement a non-stop internet on a dynamic ip address, which sometimes reconnects 22:39 < kokozedman> and currently, it takes a rather long time, causing the existing connections to sometimes break 22:40 < kokozedman> the line takes about 5 - 8 seconds to reconnect 22:40 < h4x0r`> im actually wondering how to change the name of the driver in ipconfig - it comes up as Tap32 V9 i think 22:40 < kokozedman> and openvpn takes about the same 22:41 < Olipro> are you using static TLS keys? 22:42 < kokozedman> Olipro: no, i'm in server/clients mode (several clients, single server) 22:42 < rob0> I can reboot my adsl modem, come back up with a new IP, and 2-3 minutes later when all the dust is settled and vpn reconnects, my ssh sessions are still active. 22:43 < Olipro> ditto 22:43 < Olipro> 5-8 seconds shouldn't impact a TCP connection 22:43 < kokozedman> rob0: yeah, i know SSH is really hard ball at keeping itself alive ... but what about people downloading email attachments 22:43 < Olipro> are you using persist-tun 22:43 -!- ZBandit [~wjones@66.148.253.114.nw.nuvox.net] has joined #openvpn 22:44 < kokozedman> i agree, but given OpenVPN taking about 5 - 10 seconds to re-establish itself after i trigger a SIGUSR1 from ppp's ip-up ... 
sometimes it breaks 22:44 < kokozedman> Olipro: of course, persist-tun 22:45 < Olipro> is any NAT involved? 22:45 < kokozedman> i'm looking for some ways of shortening the negotiation time ... 22:45 < kokozedman> yes, NAT for sure 22:45 < Olipro> within the tunnel? 22:45 < ZBandit> I'm new to the VPN world.... Got a few quick questions I can't find the answer to..... #1 - if a local network is on the 192.168.0.x class, can openvpn be configured so when an outside machine logs in, it can have the same class ip? 22:45 < kokozedman> i mean, the first time it negotiates, it's fine if it takes a long time... but for the subsequent reconnects... i think it should be quicker 22:46 < Olipro> if you use the MASQUERADE target, it will deliberately forget all connections once it sees the interface go down 22:46 < Olipro> which, no matter how fast OpenVPN connects, will kill connections 22:46 < Olipro> *reconnects 22:46 < kokozedman> Olipro: within the tunnel is MASQUERADE ... but the link established with the tunnel is through direct ppp 22:46 < Olipro> ok, stop using MASQUERADE 22:47 < rob0> there should be no need for NAT within the tunnel, only if using redirect_gateway and assigning RFC 1918 addresses. 22:47 < Olipro> like I just said, you could have OpenVPN reconnecting in 10 milliseconds 22:47 < Olipro> it would STILL kill all your connections 22:47 < rob0> and that nat only is needed for traffic leaving the vpn 22:47 < Olipro> switch to SNAT, or better yet, stop using NAT completely 22:47 < rob0> !route 22:47 <@vpnHelper> "route" is (#1) http://www.secure-computing.net/wiki/index.php/OpenVPN/Routing if you have lans behind openvpn, read it DONT SKIM IT or (#2) READ IT DONT SKIM IT or (#3) See !tcpip for more info about a more basic networking guide 22:48 < rob0> ZBandit, "192.168.0.x class" means what? 22:48 < kokozedman> hmm... thing is, the tun0 never goes down... and MASQUERADE is ON IT 22:48 < kokozedman> tun0 never goes down, on server, on clients ... 
so, i don't think MASQUERADE is a problem 22:49 < Olipro> you'll never find out unless you switch 22:49 < Olipro> and I honestly see no reason not to switch 22:49 < ZBandit> rob0: I want to have a small block of ip's set aside for outside machines... 192.168.0.200-210. All the rest of the local lan uses .1-.100 22:49 < rob0> still, the fact that you are using NAT where NAT should not be needed: that is a problem 22:49 < h4x0r`> so can i change the tap32 driver name that shows in ipconfig? anyone know how? 22:49 < Olipro> well, if his server isn't his to control, and/or it's in multi-client mode 22:49 < kokozedman> as for OpenVPN connecting to the server, it is set to persist, and every-5 seconds it tries, but the tun0 is still on .... then after about 10 seconds, the transfers begin to flow again 22:49 < Olipro> routing to clients behind a peer can be problematinc 22:49 < Olipro> *problematic 22:50 < rob0> ZBandit, first, when designing networks, use CIDR boundaries, not decimal ones. In the long run you will be glad you did. 22:50 < Olipro> kokozedman: I believe it persists the interface but netfilter knows the interface isn't actually connected 22:50 < kokozedman> rob0: why should NAT not be needed here? it's forwarding internet you know... the 10.8.0.1 is the gateway here 22:50 < rob0> Second, see the /topic and the howto 22:51 < Olipro> because you have the entirety of RFC1918 space to play with 22:51 < Olipro> NAT from RFC1918 space to a public address? sure 22:51 < ZBandit> k 22:51 < Olipro> from RFC1918 to another RFC1918? No. 22:52 < rob0> koko, as I said, use NAT from RFC1918-->world but not ^^ 22:52 < ZBandit> so .193-254 22:52 < Olipro> otherwise it's essentially double NAT 22:52 < kokozedman> Olipro: the connections DOES NOT break sometimes ... that is, if openvpn reconnects quick (sometimes it does) ... 
but it breaks if it takes too long; so, i'm guessing there is no MASQUERADE or netfilter problem here, just the TCP stack timing-out after some time 22:52 < Olipro> you're guessing 22:52 < Olipro> if you just want to guess because you can't be bothered (or don't know how) to use SNAT, that's your problem, not mine 22:53 < Olipro> then again, you don't know how to route either 22:53 < rob0> ZBandit, 192-207 would be 192.168.0.192/28 22:53 < kokozedman> alright man, not that i don't want to check it, but simply that i'm sure nothing breaks in-between ... only need to shorten the amount of time for reconnects 22:53 < rob0> ZBandit, also, 192.168.0-2 are common choices, you might be better off choosing a less common network 22:54 < rob0> 172.16.0.0/12 has lots of rarely-chosen networks 22:54 < Olipro> 172.12.0.0/12 is a good candidate 22:55 < Olipro> *16 22:55 < ZBandit> ok got it 22:56 < Olipro> kokozedman: to know /definitively/ you could get conntrack tools (or continuously dump from proc) and observe the conntrack table 22:56 < Olipro> trigger the reconnect and see if it forgets NATted connections or not 22:56 < rob0> afk 22:57 < kokozedman> Olipro: hmm... i have no idea what is all that... 22:57 < kokozedman> some wikis? articles? 22:58 < h4x0r`> guys 22:59 < h4x0r`> how can i change this in the source code - TAP-Win32 Provider V9 22:59 < Olipro> install conntrack tools, read the manpages? 22:59 < h4x0r`> or is that non compliant 23:00 < Olipro> do you not have something that will do a "Find in Files" for you 23:00 < Olipro> heck, Windows should have that built in 23:00 < h4x0r`> ur right lol 23:01 < h4x0r`> hoping its in the oem inf 23:03 < h4x0r`> yup - sure is :D 23:03 <@vpnHelper> RSS Update - forum: Newbee Help Please 23:08 < kokozedman> Olipro: sorry for the probably silly question, but where do i get that installed? the platform on which the openvpn client is running is on an openwrt router... 
and right now, i'm connected to the internet thru the router (which is taking internet from openvpn) 23:13 < Olipro> use opkg or luci 23:13 < Olipro> it's called conntrack-tools I believe 23:14 < Olipro> except, OpenWRT doesn't provide manpages 23:14 < Olipro> so if you don't know how to use it 23:14 < Olipro> I'd start with google 23:14 < Olipro> or install it on a major linux distro 23:15 < Olipro> i.e. one not designed for embedded systems 23:16 <@vpnHelper> RSS Update - forum: DNS issues 23:20 -!- jameslordhz [~jack@125.109.172.245] has quit [Ping timeout: 240 seconds] 23:30 -!- corretico [~luis@190.211.93.11] has quit [Ping timeout: 255 seconds] 23:34 -!- jameslordhz [~jack@220.190.19.70] has joined #openvpn 23:35 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [] 23:42 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 23:42 < h4x0r`> :) 23:42 < h4x0r`> Niiiice.. --- Day changed Sun Jan 22 2012 00:04 < h4x0r`> ive got my openvpn driver installed - should this bring up the device? 
00:04 < h4x0r`> netsh interface ip set address static 10.3.0.1 255.255.255.0 00:22 -!- kokozedman [607fb67a@gateway/web/freenode/ip.96.127.182.122] has quit [Ping timeout: 264 seconds] 00:32 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [] 01:01 -!- ZBandit [~wjones@66.148.253.114.nw.nuvox.net] has left #openvpn [] 01:11 < hyper_ch> krzee: dazo_afk: you know this: http://www.peervpn.net/ 01:11 <@vpnHelper> Title: PeerVPN - the open source peer-to-peer VPN (at www.peervpn.net) 01:14 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds] 01:17 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn 01:21 -!- Gravitron [~admin@64.93.224.242] has joined #openvpn 01:21 -!- Gravitron [~admin@64.93.224.242] has quit [Changing host] 01:21 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 01:25 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Ping timeout: 244 seconds] 01:29 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn 01:31 < h4x0r`> hey guys, so is this the right way to get the tap32 device up? netsh interface ip set address static 10.3.0.1 255.255.255.0 01:52 -!- mjbots [~thutomj@168.167.176.49] has quit [Ping timeout: 252 seconds] 01:58 < h4x0r`> the idea was to use a ssh tunnel and the driver to enable systemwide tunnelling.. 02:11 -!- mjbots [~thutomj@168.167.176.49] has joined #openvpn 02:16 <+EugeneKay> h4x0r` - to be frank, "wtf r u doin?" 02:17 < h4x0r`> lulz 02:17 < h4x0r`> ok 02:19 < h4x0r`> well i was thinking about using the driver tap-win32 from openvpn sources 02:19 < h4x0r`> to make my own personal local network with ssh/vpn 02:19 < h4x0r`> so ive built the driver, but not sure how to bring the interface up 02:21 <+EugeneKay> A-huh. 02:22 <+EugeneKay> While I commend you on your haxing ability(seriously, that's pretty cool), I think it's a waste of time if you're doing it as anything other than an academic exercise. 
02:22 < Olipro> you do realise the driver on its own just exposes an API? 02:22 < Olipro> you need an actual userspace program to feed packets into it 02:22 < Olipro> such as oooh err... OPENVPN 02:22 <+EugeneKay> As for how to up/down an interface on Windows, I haven't a bloody clue. I just right-click the bugger and hit "Disable" 02:23 < h4x0r`> yes im writing the program 02:23 < h4x0r`> lol@disable.. 02:23 < Olipro> the TAP interface brings itself up when a userspace program brings it up 02:23 < h4x0r`> yes thats what im looking into now 02:25 < Olipro> I'm still not clear on why you want a custom driver for this 02:25 < Olipro> there's nothing stopping you from operating OpenVPN over a LAN 02:25 < Olipro> whether encrypted or not 02:25 < hyper_ch> hi EugeneKay 02:25 <+EugeneKay> Rawr 02:26 < hyper_ch> EugeneKay: you know this? http://www.peervpn.net/ 02:26 <@vpnHelper> Title: PeerVPN - the open source peer-to-peer VPN (at www.peervpn.net) 02:26 <+EugeneKay> I do not. 02:26 < h4x0r`> Olipro, ive noticed a lot of openvpn clients bring up the client and push all internet traffic through the vpn 02:26 < hyper_ch> EugeneKay: get to know it and give me your thoughts :) 02:26 < h4x0r`> i find this far more awesome than using a socks5 http tunnel for example 02:26 < Olipro> h4x0r`: that has NOTHING to do with OpenVPN or the driver you've just compiled 02:27 < Olipro> OpenVPN will do /nothing/ whatsoever to your OS's routing table unless instructed to 02:27 <+EugeneKay> Looks like Tor, but without all the Tor stuff. 
02:27 -!- Gnewt [~vector@submarine.gnewt.at] has quit [Ping timeout: 255 seconds]
02:28 < h4x0r`> Olipro, im not sure what you're getting at
02:28 < Olipro> if that's the real basis for you compiling that driver, you've just completely wasted your time
02:28 < h4x0r`> id like to run a vpn with the driver
02:28 <+EugeneKay> While I commend you on your haxing ability(seriously, that's pretty cool), I think it's a waste of time if you're doing it as anything other than an academic exercise.
02:28 < Olipro> you can open a VPN tunnel with OpenVPN without making a single damn change to your routing
02:29 < Olipro> if you WANT to route a prefix, however large or small, you can
02:29 < Olipro> you are wasting your time here completely
02:29 < h4x0r`> na mate
02:29 < h4x0r`> ur off by a mile
02:29 < h4x0r`> i want to use the driver for a vpn
02:29 < Olipro> right, but what is it that OpenVPN can't do for you
02:30 < h4x0r`> i wouldnt be here if it couldnt do anything for me
02:30 < Olipro> that wasn't what I asked
02:30 < h4x0r`> this is very cryptic
02:30 <+EugeneKay> !notopenvpn
02:30 <@vpnHelper> "notopenvpn" is your problem is not about openvpn, and while we try to be helpful, you may have a better chance of finding your answer if you ask your question in a channel related to your problem
02:30 < Olipro> I asked what it is that OpenVPN can't do for you that you think you need to compile a custom driver and userspace program for
02:30 < h4x0r`> ohhh
02:31 < h4x0r`> na, im just coding my own client :s
02:31 <+EugeneKay> This is a OpenVPN userspace support channel. I'm not sure what you're doing, but it really isn't..... relavent.
02:31 < Olipro> well if you want to reinvent the wheel for the heck of it, by all means
02:31 < h4x0r`> relevant*
02:31 < Olipro> but that wasn't what you were implying
02:31 < h4x0r`> yeah its just a program i feel like coding, and i just want to use the driver lol
02:32 < h4x0r`> its interesting.. nevermind..
02:33 <+EugeneKay> Interesting, yes. Something we can help you with, no. ;-)
02:35 < h4x0r`> maybe :p
02:35 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit []
02:39 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 244 seconds]
02:46 -!- Gnewt [~vector@submarine.gnewt.at] has joined #openvpn
02:47 -!- Gnewt [~vector@submarine.gnewt.at] has quit [Read error: Connection reset by peer]
02:50 -!- jameslordhz [~jack@220.190.19.70] has quit [Ping timeout: 240 seconds]
02:51 -!- axelm7 [~axelm7@186.135.14.163] has joined #openvpn
02:55 -!- axelm7 [~axelm7@186.135.14.163] has quit [Ping timeout: 240 seconds]
03:04 -!- jameslordhz [~jack@125.109.161.106] has joined #openvpn
03:06 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
03:12 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
03:17 -!- jameslordhz [~jack@125.109.161.106] has quit [Ping timeout: 248 seconds]
03:45 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn
04:12 -!- thutomj_ [~thutomj@168.167.176.49] has joined #openvpn
04:15 -!- mjbots [~thutomj@168.167.176.49] has quit [Ping timeout: 260 seconds]
04:20 -!- master_of_master [~master_of@p57B55616.dip.t-dialin.net] has quit [Read error: Operation timed out]
04:24 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep]
04:25 -!- master_of_master [~master_of@p57B537F5.dip.t-dialin.net] has joined #openvpn
04:30 <@vpnHelper> RSS Update - forum: Problems with OpenVPN 2.2.2 on Windows Server
04:50 -!- jameslordhz [~jack@125.109.161.106] has joined #openvpn
05:11 -!- Diffen [~diffen@78-82-119-12.tn.glocalnet.net] has joined #openvpn
05:19 -!- wat [~watter@host134.186-125-77.telecom.net.ar] has quit [Ping timeout: 240 seconds]
05:22 -!- X0Rc0re [~chatzilla@124-169-86-8.dyn.iinet.net.au] has joined #openvpn
05:33 -!- wat [~watter@host47.200-45-225.telecom.net.ar] has joined #openvpn
05:40 -!- h4x0r` [h4x0r@79.133.201.85] has joined #openvpn
05:40 -!- h4x0r` [h4x0r@79.133.201.85] has quit [Changing host]
05:40 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
05:44 -!- wat [~watter@host47.200-45-225.telecom.net.ar] has quit [Ping timeout: 240 seconds]
05:50 -!- X0Rc0re [~chatzilla@124-169-86-8.dyn.iinet.net.au] has quit [Quit: ChatZilla 0.9.88 [Firefox 8.0.1/20111120135848]]
05:58 -!- wat [~watter@host56.201-252-192.telecom.net.ar] has joined #openvpn
06:03 -!- s7r [~s7r@openvpn/user/s7r] has joined #openvpn
06:03 -!- mode/#openvpn [+v s7r] by ChanServ
06:08 -!- wat [~watter@host56.201-252-192.telecom.net.ar] has quit [Ping timeout: 240 seconds]
06:09 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit []
06:10 -!- h4x0r` [h4x0r@79.133.201.85] has joined #openvpn
06:10 -!- h4x0r` [h4x0r@79.133.201.85] has quit [Changing host]
06:10 -!- h4x0r` [h4x0r@unaffiliated/respekt] has joined #openvpn
06:10 -!- h4x0r` [h4x0r@unaffiliated/respekt] has quit [Remote host closed the connection]
06:19 -!- Araluccl1 [~lallo@151.77.96.58] has joined #openvpn
06:21 -!- wat [~watter@host44.186-125-76.telecom.net.ar] has joined #openvpn
06:22 -!- Araluccl0 [~lallo@151.77.221.143] has quit [Ping timeout: 252 seconds]
06:26 -!- Denial [Denial@drgi.co.uk] has joined #openvpn
06:30 < hyper_ch> where's my krzee and dazo_afk :(
06:30 < hyper_ch> hi mattock
06:41 <+EugeneKay> Hiding.
06:43 -!- Araluccl0 [~lallo@151.77.137.198] has joined #openvpn
06:45 -!- Araluccl1 [~lallo@151.77.96.58] has quit [Ping timeout: 252 seconds]
06:46 <+s7r> with static key I can only use 1 client and 1 server at a time?
06:46 <+s7r> i can't have 3 clients on one server each with static keyts?
06:46 <+s7r> keys*
06:49 < hyper_ch> you can have multiple clients connecting with the same key
06:49 < hyper_ch> but that's bad
06:49 < hyper_ch> but you can make new keys
06:50 <+s7r> can each client have its own key ?
06:50 <+s7r> and connect one at a time anytime?
06:51 < hyper_ch> you can have multiple clients connecting with the same key at the same time
06:51 < hyper_ch> but that's bad
06:51 < hyper_ch> but you can make new keys for each client
06:52 <+s7r> how?
06:52 < hyper_ch> !pki
06:52 <@vpnHelper> "pki" is (#1) http://openvpn.net/index.php/open-source/documentation/howto.html#pki for how to make your PKI stuff (ca, and certs) or (#2) Here's a basic rundown of how it works... The server, client, and ca certs are all signed by the same ca.key. The server and client use the ca.crt to check that each other were signed by the right ca.key. Optionally, the client also checks that the server cert was
06:52 <@vpnHelper> signed specially as a server (see !servercert)
07:00 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn
07:00 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host]
07:00 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn
07:02 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit [Client Quit]
07:05 -!- axelm7 [axelm7@186.135.14.163] has joined #openvpn
07:10 -!- wat [~watter@host44.186-125-76.telecom.net.ar] has quit [Ping timeout: 240 seconds]
07:24 -!- wat [~watter@host176.200-82-62.telecom.net.ar] has joined #openvpn
07:31 -!- Araluccl1 [~lallo@151.77.141.231] has joined #openvpn
07:34 -!- Araluccl0 [~lallo@151.77.137.198] has quit [Ping timeout: 252 seconds]
07:34 -!- Araluccl0 [~lallo@151.77.238.190] has joined #openvpn
07:35 -!- Araluccl1 [~lallo@151.77.141.231] has quit [Ping timeout: 252 seconds]
07:41 -!- Araluccl1 [~lallo@151.77.248.88] has joined #openvpn
07:43 -!- s7r [~s7r@openvpn/user/s7r] has left #openvpn []
07:44 -!- Araluccl0 [~lallo@151.77.238.190] has quit [Ping timeout: 252 seconds]
07:46 -!- Araluccl0 [~lallo@151.77.249.113] has joined #openvpn
07:46 -!- Araluccl1 [~lallo@151.77.248.88] has quit [Ping timeout: 252 seconds]
08:07 -!- pierreghz [~pierreghz@cust-211-13-111-94.dyn.as47377.net] has joined #openvpn
08:30 -!- fonk [~fonk@unforgotten.de] has joined #openvpn
08:35 < fonk> Hi! I try to configure auth-ldap, but get "LDAP bind failed: Confidentiality required (confidentiality required)" - here's my ldap-config: http://nopaste.info/0bf8a18a6b.html What could be the problem? With ldaps and TLSEnable no, it works without problems, but i'd like to use StartTLS
08:48 -!- Diffen [~diffen@78-82-119-12.tn.glocalnet.net] has quit [Quit: This computer has gone to sleep]
09:00 -!- Han [~han@unaffiliated/han] has joined #openvpn
09:01 < Han> Can I set the upload limit for a client? The client is on adsl and getting data is no problem, uploading is though.
09:02 < Han> It chokes the connection if I upload something over nfs.
09:03 -!- michaelgamble [~michaelga@CPE00195b25196b-CM001cea3dc820.cpe.net.cable.rogers.com] has joined #openvpn
09:03 < michaelgamble> hey anybody around?
09:04 < michaelgamble> I'm trying to figure out how to go about connecting to an openvpn server from a mac.. anyone have any experience with this?
09:07 < hyper_ch> yes
09:10 < michaelgamble> i logged into the https web gui of my openvpn server and i see they have an installer for mac.. however i can't seem to determine how old that installer is nor can i find client version info on google :p
09:10 < michaelgamble> the other thing is i see most tutorials say to use tunnelblick
09:11 < michaelgamble> any direction on how i figure out what client version is the newest / or should i be using tunnelblick?
09:14 < michaelgamble> i apologize for the barrage of questions, last time i tried this prior to my last format i screwed it up and never was able to get it to work
09:17 -!- pierreghz [~pierreghz@cust-211-13-111-94.dyn.as47377.net] has quit [Ping timeout: 252 seconds]
09:19 -!- thutomj_ [~thutomj@168.167.176.49] has quit [Ping timeout: 240 seconds]
09:22 < michaelgamble> sweet
09:22 < michaelgamble> i took a chance with the default openvpn osx installer and it worked without any issue
09:23 < michaelgamble> love when things work seamlessly
09:23 < ecrist> Essobi: what was it?
09:24 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has joined #openvpn
09:27 < hyper_ch> hi ecrist
09:27 < ecrist> hi, hyper_ch
09:27 < hyper_ch> ecrist: you know this? http://www.peervpn.net/
09:27 <@vpnHelper> Title: PeerVPN - the open source peer-to-peer VPN (at www.peervpn.net)
09:28 -!- wat [~watter@host176.200-82-62.telecom.net.ar] has quit [Ping timeout: 240 seconds]
09:28 < ecrist> hyper_ch: never heard of it, seems to have not been developed since 2009 though.
09:29 < hyper_ch> Well, in case it's perfected, it doesn't need to be maintained anymore
09:30 < ecrist> yeah, things don't work that way
09:31 < ibins> perfect software -> :-)
09:31 < ibins> But first: Hello"
09:32 < ibins> Does anybody have knowledge of OpenVPN plugins, that connect the management interface of OpenVPN to a bus system like dbus?
09:32 < hyper_ch> what management interface?
09:32 < ecrist> nope
09:32 < ecrist> ibins: what are you trying to do
09:32 < ibins> The management interface of OpenVPN
09:33 < hyper_ch> there is no openvpn management interface
09:33 < ecrist> hyper_ch: yes there is
09:33 < hyper_ch> IIRC
09:33 < hyper_ch> ecrist: LIES!!!
09:33 -!- mode/#openvpn [+o ecrist] by ChanServ
09:33 < ibins> I'm working on a minimalistic IPC-bus
09:33 -!- hyper_ch was kicked from #openvpn by ecrist [don't spread false information]
09:33 <@ecrist> !goal
09:33 <@vpnHelper> "goal" is Please clearly state your goal for your vpn: example, I would like to access the lan behind the server , I would like to access the internet over my vpn , I just want a secure connection between 2 computers , etc
09:33 -!- hyper_ch [~hyper_ch@ks357331.kimsufi.com] has joined #openvpn
09:34 < ibins> The aim is to have a very small dbus
09:35 <@ecrist> the management interface can do some of what you might want, but I doubt all
09:35 < ibins> especially for embedded devices running a mini linux or even driven by a uC without any OS
09:35 <@ecrist> there is much useful information in the openvpn status log, and other actions can be done with client-connect and client-disconnect
09:37 < ibins> As far as I can see, there are two possibilities:
09:37 < ibins> a) create a separate process, that connects to the management interface of OpenVPN and to the dbus-like system
09:37 < ibins> b) create a OpenVPN-plugin, that connects directly to the dbus-like system
09:38 -!- newl [~newl@97.75.165.156] has joined #openvpn
09:38 < ibins> The problem with a) is, that a separate process is not very nice. One has to start it, stop it and so on.
09:39 < ibins> The problem with b) is, that there are too few hooks for the Plugins.
09:39 < ibins> Example: There is nothing, that could be used directly after starting the OpenVPN instance.
09:39 < newl> ibins: what do you want to do?
09:40 < ibins> The first callback to use is OPENVPN_PLUGIN_UP.
09:41 < ibins> newl: I want to connect OpenVPN to another system like dbus by creating some kind of software, that communicates via the OpenVPN management interface and the other system (like dbus)
09:42 -!- wat [~watter@host173.190-30-138.telecom.net.ar] has joined #openvpn
09:43 < ibins> hyper_ch: What did you mean? (before being kicked :-)
09:44 < newl> ibins why would you want to do that?
09:44 < newl> talking about crazy ^h^h^h new things sheds light on them
09:45 < ibins> Another process should be able to control OpenVPN. Example:
09:45 < ibins> Some kind of software watchdog should check, if an OpenVPN instance is still running.
09:46 < ibins> Or I want to retrieve the routing table of the OpenVPN process and display it somewhere
09:46 < ibins> This is all possible with the --management option.
09:46 < ibins> But:
09:46 < newl> ps -efw and route run on a crond/atd ?
09:47 < ibins> I do not want to code shell scripts.
09:47 < ibins> This is thought to run on embedded devices like OpenWRT
09:48 < newl> the --management option is interesting
09:48 < ibins> DBus is too heavy, it needs expat (about 120kB) and libdbus.so is also about 240kB)
09:48 < ibins> So I decided to code my own little Inter Process Communications daemon
09:49 < ibins> OpenVPN is not the only instance, I want to control
09:50 < krzee> [07:47] I do not want to code shell scripts.
09:50 < krzee> [07:47] This is thought to run on embedded devices like OpenWRT
09:50 < krzee> fyi, openwrt runs shell scripts :-p
09:50 < ibins> krzee: yes, that's why it is soooo slow
09:51 < krzee> openwrt running a shell script is too slow?
09:51 < ibins> OpenWRT itself is quite slow
09:51 < krzee> i run shell scripts from mine all the time, and my openwrt setups are anorexic on their hardware... the scripts run just fine
09:52 < ibins> How long does it take for your box to boot?
09:52 < krzee> the openwrt?
09:52 < ibins> Yes
09:52 < krzee> not sure, i just wait til the light stops, maybe 2 min or something
09:52 < krzee> cant say boot time was ever that important for the router
09:52 < krzee> its not being rebooted so often
09:52 * ecrist starts to think ibins doesn't know what he's doing
09:55 < ibins> The bootup process is only an example.
09:55 < ibins> Lets set up another example:
09:56 < ibins> On your embedded device is a process, that controls LEDs. When OpenVPN is started, it should blink. If the tunnel is up, it should be on all the time
09:56 < newl> and ecrist is the winner
09:57 < axelm7> hi guys, got an issue here. openvpn 2.2.1 client running on a dd-wrt router. it is connected to my OpenVPN server just fine. After some time the client crashes on the router and obviously it loses the connection.
09:58 < ibins> Still interested? If not, then I save the effort of typing.
09:58 < axelm7> I would like to create a cron job on the router that does ps | grep openvpn and if there is no output it should restart the openvpn client. Can someone help me with the syntax for that command?
09:58 < newl> you gotta make _some_ sense with what you are saying
09:59 < ibins> newl: so I will continue:
10:00 <@ecrist> axelm7: it's pretty straight forward
10:00 < ibins> To get the LED controlling process the information, how to blink the LED, one could use the management interface of OpenVPN.
10:01 < ibins> Open a UDS socket, ask OpenVPN with "status" and interpret the answer.
10:01 < ibins> This would all be fine
10:01 < ibins> Now imagine a lot of such processes like the LED controlling process
10:01 <@ecrist> axelm7: on my machine, I'd do: ps -p `cat /var/run/openvpn.pid`
10:01 <@ecrist> if that exits 1, openvpn isn't running
10:02 <@ecrist> if it exits 0, openvpn is running
10:02 < ibins> Would it not be fine, if all this IPC could be handled with some kind of messaging system, that all participants understand?
10:03 < newl> axelm7: if [ `ps | grep -c [o]penvpn` -eq 0 ]; then echo it is not running; fi
10:03 <@ecrist> ibins: for an LED like that, you really should tie to a kernel module which monitors the status of the tap or tun interface
10:04 < ibins> If it were only the LED information I wanted, this would be sufficient. But I also want all the other information of OpenVPN, like the IP addresses, routes....
10:05 -!- wat232 [~watter@host105.190-30-138.telecom.net.ar] has joined #openvpn
10:05 <@ecrist> and, like I said, you can get that from the openvpn status log
10:05 < ibins> The tun device alone does not necessarily indicate, that the tunnel is up and running.
10:05 < ibins> grep on the log is possible
10:06 < ibins> All this would be possible in many possible ways.
10:06 < ibins> But I do not want to use shell scripts.
10:07 < ibins> Lets be silly and say, that we want to check every second, if a tunnel is up or not.
10:07 < ibins> We want a very accurate LED.
10:07 < ibins> This is nonsense, but let me continue:
10:07 < ibins> If you start a shell script every second, you burn a lot of CPU power and ram
10:08 -!- wat [~watter@host173.190-30-138.telecom.net.ar] has quit [Ping timeout: 240 seconds]
10:08 < ibins> Just initiating a process costs a lot of CPU power
10:09 < newl> you on a 286? or 8088?
10:09 <+EugeneKay> bash might be slow, so it's a good thing I'm not trying to run it on a TI-83
10:10 <+EugeneKay> If your openwrt has issues with cpu time being eaten up by a bash script, I think you have bigger problems. Like the 100mbit it's passing.
10:10 < ibins> I'm on a armv4
10:10 < ibins> 100 MBit/s are never possible on my device.
10:10 < ibins> Using certs I achieve max 5 MBit/s with Blowfish
10:11 < ibins> I want to save as much CPU power for the important task: Communicating.
10:11 <+EugeneKay> I was speaking about the port itself, sans openvpn, but OK.
10:11 < ibins> The LED is fine, but it should cost as less CPU as possible
10:12 <+EugeneKay> While you're busy calculating the number of MIPS eaten up by a shell script that blinks a LED, the rest of us will be doing something useful. Like actually running our vpns ;-)
10:12 <@ecrist> indeed
10:12 <@ecrist> ibins: at this point, you're just wasting everyone's time
10:12 <@ecrist> feel free to leave any time. ;)
10:12 < ibins> OK. Sorry.
10:15 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Read error: Operation timed out]
10:16 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn
10:16 < rob0> !sweet
10:16 <@vpnHelper> "sweet" is http://sweet.nodns4.us/ =(
10:17 < rob0> :)
10:23 -!- Azrael808 [~peter@dandlgreen.demon.co.uk] has joined #openvpn
10:31 < axelm7> newl, thanks a lot. ended up doing this: if [ `ps | grep -c [o]penvpn` -eq 0 ]; then openvpn --config /tmp/openvpncl/openvpn.conf ; fi &
10:31 < axelm7> now I need to set this up to run once every 5 mins in dd-wrt
10:32 < newl> dd-wrt can you get a crond on it? :)
10:35 -!- unixSnob [~unixSnob@212.117.169.230] has joined #openvpn
10:35 < unixSnob> How do you discover what DNS server is actually being queried? I have doubts about /etc/resolv.conf when tunneling.. Is there a definitive test that can be done?
10:35 < ibins> If you have no crond, you could start a shell script, that restart OpenVPN whenever it fails: http://pastebin.com/1tnL9dVx
10:36 < newl> unixSnob: nslookup www.ibm.com
10:38 < unixSnob> newl: does "server:" in that output refer to the DNS server? It shows my routers IP
10:38 <+EugeneKay> Yes. You'd think a "unix snob" would know that.
10:39 < unixSnob> this contradicts what the VPN admins told me
10:39 -!- Azrael808 [~peter@dandlgreen.demon.co.uk] has quit [Ping timeout: 248 seconds]
10:40 < unixSnob> some VPN admin said DNS automatically routes to the VPN server
10:40 <+EugeneKay> Well, they're wrong.
10:40 < unixSnob> but my router would not know where that is
10:41 <+EugeneKay> nslookup only tells you the resolver used by that particular machine. If your router is doing a simple forward, then you'd have to rerun the test there.
10:41 <+EugeneKay> Even then, the underlying resolver might simply be forwarding.
10:42 < unixSnob> EugeneKay: the router actually gives its own IP address when I do a "nslookup www.ibm.com"
10:42 <+EugeneKay> I dunno where the client end of your openvpn is being terminated, so I dunno,
10:42 < unixSnob> it's not at the router.. it's on a machine on the LAN
10:43 <+EugeneKay> Mmmkay. Then you'll need to change the DNS server list somehow if you want to change it. :-p
10:43 <+EugeneKay> resolveconfd may be of interest
10:45 < unixSnob> is there a way to find out the IP of the VPN servers DNS server? When I ask the VPN provider what the DNS is, they insist that it's taken care of -- i cannot get a straight answer
10:47 < newl> unixSnob: i'm guessing they don't want you messing with their _working_ setup? why do you want to ?
10:48 < unixSnob> newl: they only support mac and windows. To use a GNU platform, I've dissected their app for the keys and configured openvpn to use them
10:49 < unixSnob> and it works -- but DNS is apparently outside the tunnel
10:50 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn
10:52 < Tykling> hello gentlemen, I have a tun vpn between two freebsd 9 servers, I've specified "local" and "bind" and "lport" in the config but openvpn still connects from another IP and port, can someone help me figure out why ?
10:52 -!- Azrael808 [~peter@dandlgreen.demon.co.uk] has joined #openvpn
10:54 <@ecrist> !configs
10:54 <@vpnHelper> "configs" is (#1) please pastebin your client and server configs (with comments removed, you can use `grep -vE '^#|^;|^$' server.conf`), also include which OS and version of openvpn. or (#2) don't forget to include any ccd entries
10:54 <@ecrist> !logs
10:54 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard.
10:56 < newl> unixSnob: you used the nslookup www.ibm.com from your end of the tunnel ? and it worked?
10:58 < unixSnob> newl: it worked, i believe, however I don't ultimately know where the router is getting the DNS from. I suspect it's whatever dns the ISP sends w/ the DHCP data
10:59 < unixSnob> in any case, it seems to indicate that the DNS info is not coming from the VPN provider
11:00 < newl> check your cat /var/lib/dhcpcd/dhcpcd-wlan0.info
11:00 < newl> yfmv
11:02 < unixSnob> ty
11:03 -!- wat232 [~watter@host105.190-30-138.telecom.net.ar] has quit [Ping timeout: 240 seconds]
11:05 -!- p3rror [~mezgani@41.140.172.97] has quit [Ping timeout: 240 seconds]
11:10 -!- unixSnob [~unixSnob@212.117.169.230] has quit [Ping timeout: 245 seconds]
11:12 -!- unixSnob [~unixSnob@64.37.55.205] has joined #openvpn
11:12 -!- unixSnob [~unixSnob@64.37.55.205] has quit [Client Quit]
11:15 -!- axelm8 [axelm7@186.135.9.36] has joined #openvpn
11:16 -!- axelm7 [axelm7@186.135.14.163] has quit [Ping timeout: 255 seconds]
11:17 -!- wat232 [~watter@host143.200-82-66.telecom.net.ar] has joined #openvpn
11:37 <@vpnHelper> RSS Update - forum: Client can connect but has no access to the Internet
11:38 < axelm8> newl, there is a crond on my router. http://screencast.com/t/LLxHVTqRzz
11:39 <@vpnHelper> Title: 01.22.2012-14.38.34 - axelm7's library (at screencast.com)
11:51 -!- ibins [~Michael@2001:6f8:1c60:7777:21a:4dff:fe66:600c] has left #openvpn ["Verlassend"]
11:57 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has joined #openvpn
11:59 < SviMik> Hi all. Does anybody know, how to redirect default gateway on linux client with internet access via PPPoE?
11:59 < SviMik> the log says: NOTE: unable to redirect default gateway -- Cannot read current default gateway from system
12:00 < SviMik> problem: I also can't figure out the gateway IP in PPPoE connection
12:01 < newl> getting a pppoe connection should do all that automatically
12:13 <@vpnHelper> RSS Update - forum: Restrict remote access across tunnel ! ?
12:15 < SviMik> newl no, pppoe connection already exists and works
12:16 < SviMik> I want openvpn over pppoe
12:16 < axelm8> so you have your wan connection on pppoe. I don't understand what that has to do with your tun adapter and your routing rules
12:17 < SviMik> but to keep openvpn connection, I need to redirect all traffic to openvpn server, EXCEPT openvpn connection itself
12:17 < SviMik> to do that, "redirect-gateway" should create route "remote_host 255.255.255.255 net_gateway"
12:18 < SviMik> and only then redirect all traffic
12:18 < axelm8> and apparently it is not
12:18 < SviMik> but what is net_gateway in case of pppoe?
12:19 < SviMik> openvpn can't find net_gateway, so redirect-gateway doesn't work
12:19 <@vpnHelper> RSS Update - forum: why ethernet bridge need ip address
12:19 < axelm8> I use pppoe on my dd-wrt router, let me see what adapters I have
12:20 -!- gremly [~gremly@200.106.218.64] has joined #openvpn
12:20 -!- gremly [~gremly@200.106.218.64] has quit [Client Quit]
12:20 < axelm8> my wan adapter is ppp0
12:22 < SviMik> axelm8 but which gateway should I use to direct traffic to ppp0 (if I need to do that manually)?
12:23 < axelm8> what does www.whatismyip.org say?
12:23 < axelm8> and what does route -n say?
12:24 < axelm8> and ifconfig
12:25 < SviMik> www.whatismyip.org shows my real IP
12:27 < SviMik> when I tried "route 0.0.0.0 0.0.0.0 vpn_gateway" - I lost internet connection, and openvpn also disconnected
12:28 < SviMik> when I use "redirect-gateway def1" - it doesn't work with error: unable to redirect default gateway -- Cannot read current default gateway from system
12:32 < axelm8> SviMik, I have no idea, sorry
12:33 < axelm8> what distribution are you running?
12:34 < SviMik> kubuntu
12:35 < SviMik> (not me actually... my client. I can't help him, because I don't have pppoe to reproduce this error)
12:36 < axelm8> I can run the openvpn client on my PPPoE router if you wish, but that's as far as I can go
12:36 < axelm8> maybe the routing table would be useful for you
12:38 * newl wonders why openvpn would care about it going over pppoe?
12:38 < axelm8> I ask myself the same question
12:42 < axelm8> newl, there's something I don't like about /bin/sh -c [ `ps | grep -c [o]penvpn` -eq 0 ]; then openvpn --config /tmp/openvpncl/openvpn.conf ; fi &
12:42 < SviMik> have you ever used redirect-gateway?
12:43 < axelm8> SviMik, nope. I find it does not scale properly with many clients
12:43 < SviMik> so this is the answer... I need somebody who understands, what redirect-gateway does :)
12:43 < axelm8> newl, the & at the end leaves sh running until openvpncl crashes again
12:44 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn
12:44 < axelm8> ask the guys in #openvpn-as
12:45 < axelm8> how do I get the & to apply only to openvpn --config /tmp/openvpncl/openvpn.conf instead of the whole line
12:46 < axelm8> just put the & before ; fi ?
12:48 < newl> & ; fi :)
12:48 < newl> why do you need the & any way ??
12:49 < axelm8> I thought the cron jobs were supposed to finish as quickly as possible so crond would go to the next item in the list.
12:49 < axelm8> Or are they forked?
12:51 < newl> remove the &
12:51 < axelm8> ok
12:51 < newl> and ps -efw you probably have tons started in the background by now
13:06 < axelm8> I think busybox ps does not support -e
13:06 < axelm8> I have removed the & anyways
13:34 -!- Azrael808 [~peter@dandlgreen.demon.co.uk] has quit [Ping timeout: 252 seconds]
13:38 < axelm8> newl, u there?
13:38 < axelm8> this command is not getting me the right output
13:38 < axelm8> nvram set cron_jobs="* * * * * if [ `ps | grep -c [o]penvpn` -eq 0 ]; then openvpn --config /tmp/openvpncl/openvpn.conf ; fi"
13:38 < axelm8> nvram commit
13:39 < axelm8> this is setting cron_jobs to cron_jobs=* * * * * if [ 2 -eq 0 ]; then openvpn --config /tmp/openvpncl/openvpn.conf ; fi
13:40 < axelm8> how do I make ps get executed by cron instead of by nvram set
13:40 < axelm8> double `` `` ?
13:41 -!- Araluccl1 [~lallo@151.77.184.77] has joined #openvpn
13:42 -!- Araluccl0 [~lallo@151.77.249.113] has quit [Read error: Connection reset by peer]
13:45 -!- SviMik [~pIRCuser8@131.250.35.213.dyn.estpak.ee] has quit [Quit: pIRC v2.2 < Personal IRC Team > http://ircworld.ru and http://xirc.ru/]
14:05 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has joined #openvpn
14:14 -!- `Ile` [~kvirc@79-101-144-185.dynamic.isp.telekom.rs] has joined #openvpn
14:18 < axelm8> \' worked
14:32 < newl> do you have a crontab file there? put the code in a script and then set the crontab entry to run the script - have you done crond before?
14:43 -!- bauruine [~stefan@2001:8e0:100b:dead:2677:3ff:fe1a:2078] has joined #openvpn
14:54 -!- p3rror [~mezgani@2001:470:1f0b:c66:1::2] has quit [Remote host closed the connection]
15:11 -!- parallel [~parallel@c-76-103-89-93.hsd1.ca.comcast.net] has joined #openvpn
15:13 -!- wat232 [~watter@host143.200-82-66.telecom.net.ar] has quit [Ping timeout: 240 seconds]
15:26 -!- wat232 [~watter@186.153.104.77] has joined #openvpn
15:38 -!- jpdude1995 [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has joined #openvpn
15:39 < jpdude1995> Can somebody help me setup a VPN on openvpn?
15:41 -!- newl [~newl@97.75.165.156] has left #openvpn []
15:43 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn
15:43 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host]
15:43 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn
15:44 -!- jpdude1995 [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has left #openvpn []
15:48 -!- `Ile` [~kvirc@79-101-144-185.dynamic.isp.telekom.rs] has quit [Remote host closed the connection]
16:04 -!- parallel [~parallel@c-76-103-89-93.hsd1.ca.comcast.net] has quit [Quit: Leaving]
16:16 -!- wat232 [~watter@186.153.104.77] has quit [Ping timeout: 240 seconds]
16:29 -!- wat232 [~watter@host26.201-252-204.telecom.net.ar] has joined #openvpn
16:36 -!- jpdude1995 [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has joined #openvpn
16:39 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has joined #openvpn
16:40 < markerx> Hey there!
16:41 < markerx> I am just beginning to explore installing OpenVPN on a Ubuntu VPS
16:41 < markerx> I was wondering if you can use Proxies to help hide the static IP of the VPS server?
16:48 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has quit []
16:49 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn
16:49 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Excess Flood]
16:50 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has joined #openvpn
16:50 -!- h4x0r` [~h4x0r@CPE-120-146-170-159.static.qld.bigpond.net.au] has quit [Changing host]
16:50 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has joined #openvpn
16:50 -!- h4x0r` [~h4x0r@unaffiliated/respekt] has left #openvpn []
17:15 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has quit [Remote host closed the connection]
17:51 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn
17:52 -!- tekzilla [~jon@hmbg-4d06a2b2.pool.mediaWays.net] has quit [Ping timeout: 252 seconds]
17:54 -!- tekzilla [~jon@hmbg-5f765103.pool.mediaWays.net] has joined #openvpn
18:21 -!- michaelgamble [~michaelga@CPE00195b25196b-CM001cea3dc820.cpe.net.cable.rogers.com] has quit [Quit: michaelgamble]
18:29 -!- axelm8 [axelm7@186.135.9.36] has quit [Ping timeout: 276 seconds]
18:41 <@vpnHelper> RSS Update - forum: OpenDNS and OpenVPN
18:42 -!- Denial [Denial@drgi.co.uk] has quit []
18:44 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Ping timeout: 276 seconds]
18:48 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn
19:04 <@ecrist> markerx: sure
19:05 <@ecrist> look in the man page for proxy
19:05 <@ecrist> iirc, openvpn supports both HTTP proxies as well as standard SOCKS proxying
19:10 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn
19:13 -!- MikeW [~MW@ks35441.kimsufi.com] has joined #openvpn
19:14 < MikeW> Hey guys, is there any way to manually specify HTTP Auth basic credentials inside the openvpn configuration file rather than pointing the config to another file?
19:20 <@ecrist> no
19:24 < MikeW> Shame. Ok now to try to figure out why tunnelblick doesn't want to connect through the proxy
19:25 <@ecrist> I don't think tunnelblick cares much
19:25 <@ecrist> it just wraps the openvpn binary
19:26 < MikeW> yeah but I'm trying to trace down what it is that I'm doing wrong that doesn't make it with through the http proxy here
19:26 * ecrist thinks he's figured out how to use his own LDAP plugin for vB and still use existing hooks.
19:34 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has quit [Quit: This computer has gone to sleep]
19:35 < MikeW> How frustrating. Tunnelblick log says "openvpnstart status #242: Error: OpenVPN returned with status 1. Possible error in configuration file. See "All Messages" in Console for details" yet there isn't anything useful in the osx console
19:36 < MikeW> actually, there's nothing being written to the osx console :-/
19:37 <@ecrist> they likely mean the openvpn console
19:37 <@ecrist> get tunnelblick out of the picture and use the CLI
19:38 <@ecrist> the binary itself is at /Applications/Tunnelblick.app/Contents/Resources/openvpn
19:41 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has quit [Read error: Operation timed out]
19:41 -!- wat232 [~watter@host26.201-252-204.telecom.net.ar] has quit [Ping timeout: 240 seconds]
19:53 -!- wat232 [~watter@host112.201-252-208.telecom.net.ar] has joined #openvpn
19:55 < MikeW> oh I think I've figured it out. I'm using a vpn service that requires UDP to work but to work through a http proxy, proto tcp needs to be used. Doh
19:57 <@ecrist> doh
19:59 < MikeW> Shame that blackvpn require udp :/
20:02 <@ecrist> !tcp
20:02 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay
20:05 < MikeW> yeah sadly my environment doesn't allow udp. :(
20:09 -!- mgorbach [~mgorbach@pool-108-7-229-195.bstnma.fios.verizon.net] has joined #openvpn
20:22 -!- jpdude1995 [~johnpat@nj-71-2-36-131.dhcp.embarqhsd.net] has left #openvpn []
20:26 -!- Gravitron [~admin@unaffiliated/gravitron] has quit [Quit: Computer has gone to sleep.]
20:29 <@vpnHelper> RSS Update - forum: openvpn client can't reconnect after server failure
20:45 -!- krzee [nobody@openvpn/community/support/krzee] has quit [Quit: This computer has gone to sleep]
20:58 -!- gremly [~gremly@200.106.218.64] has joined #openvpn
21:32 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
21:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
21:57 -!- gremly [~gremly@200.106.218.64] has quit [Quit: WeeChat 0.3.6]
21:58 -!- krzee [nobody@hemp.ircpimps.org] has joined #openvpn
21:58 -!- krzee [nobody@hemp.ircpimps.org] has quit [Changing host]
21:58 -!- krzee [nobody@openvpn/community/support/krzee] has joined #openvpn
22:06 <@vpnHelper> RSS Update - forum: Install OpenVPN [paying]
22:54 <@vpnHelper> RSS Update - forum: CreateProcess error
23:35 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has quit [Ping timeout: 260 seconds]
23:40 -!- ScriptFanix [vincent@Hanaman.riquer.fr] has joined #openvpn
--- Day changed Mon Jan 23 2012
00:16 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has quit [Quit: markerx]
00:16 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has joined #openvpn
00:17 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has quit [Client Quit]
00:26 -!- axelm7 [~axelm7@186.135.9.36] has joined #openvpn
00:31 -!- axelm7 [~axelm7@186.135.9.36] has quit [Ping timeout: 276 seconds]
00:37 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has joined #openvpn
00:38 < markerx>
Hi again! 00:38 < markerx> A few hours ago I asked: 00:39 < markerx> I am installing OpenVPN on a Ubuntu VPS, can you use Proxies to help hide the static IP of the VPS server? 00:39 < markerx> I see that you can specify a proxy in the server.conf file 00:39 < markerx> Can you rotate through a list of proxies? 00:45 <+EugeneKay> I'm not sure what you mean "specify a proxy", there's no such option I'm aware of for servers 00:45 <@vpnHelper> RSS Update - forum: Newbee Help Please 00:45 <+EugeneKay> You can use an HTTP proxy from the client, but that's "lulz" 00:46 < markerx> hmmm... 00:46 < markerx> How can you protect the IP of the VPS/OpenVPN server? 00:46 <+EugeneKay> OpenVPN is not an anonymity tool. You're thinking of Tor. 00:48 < markerx> I am probably being overly paranoid 00:49 < markerx> Just trying to lock down my household internet security 00:49 < markerx> without having to create a management headache 00:49 -!- troyt [~troyt@2001:1938:240:3000::3] has quit [Ping timeout: 252 seconds] 01:04 -!- Cybertinus [~Cybertinu@tunnel3304.ipv6.xs4all.nl] has joined #openvpn 01:19 -!- reiffert_ is now known as reiffert 01:26 -!- dazo_afk is now known as dazo 01:26 <@vpnHelper> RSS Update - forum: TCP/UDP: Socket bind failed on local address already in use 01:40 -!- `Ile` [~Ile@kaniserver.net] has joined #openvpn 01:41 -!- Araluccl1 [~lallo@151.77.184.77] has quit [Quit: Anche il discorsismo ha un limitismo.] 01:41 -!- Araluccl0 [~lallo@151.77.184.77] has joined #openvpn 01:44 <@vpnHelper> RSS Update - forum: OpenVPN Linux Servers connecting Windows 2008 Domain || [SOLVED] TCP/UDP: Socket bind failed on local address alr...
01:56 -!- markerx [~markerx@97-118-189-82.hlrn.qwest.net] has quit [Quit: markerx] 02:14 <@vpnHelper> RSS Update - forum: There is a problem in your selection of --ifconfig endpoints 02:19 -!- Diffen [~diffen@c-a27ce555.042-17-73746f11.cust.bredbandsbolaget.se] has joined #openvpn 02:25 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 02:28 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 02:35 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 02:40 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 02:47 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 02:49 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 02:52 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 02:57 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 03:02 -!- zokko [bbajorek@unaffiliated/zokko] has left #openvpn [] 03:07 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 03:10 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 03:12 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 03:12 <@vpnHelper> RSS Update - forum: Static IP Windows Please 03:13 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 03:17 -!- Tykling [tykling@er.tyk.nu] has quit [Excess Flood] 03:18 <@vpnHelper> RSS Update - forum: Please help me with OPENVPN || Routed OpenVPN between two subnets 03:21 -!- Tykling [tykling@er.tyk.nu] has joined #openvpn 03:46 <@vpnHelper> RSS Update - forum: OpenDNS and OpenVPN 04:18 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has quit [Ping timeout: 244 seconds] 04:23 -!- master_of_master [~master_of@p57B537F5.dip.t-dialin.net] has quit [Read error: Operation timed out] 04:25 -!- master_of_master [~master_of@p57B52568.dip.t-dialin.net] has joined #openvpn 04:39 <@vpnHelper> RSS Update - forum: TLS Error: TLS key negotiation failed to occur within 60 sec 04:50 -!- noisebleed [~quassel@piggy.inescn.pt] has joined #openvpn 04:50 -!- noisebleed [~quassel@piggy.inescn.pt] has quit [Changing host] 04:50 -!- noisebleed 
[~quassel@gentoo/contributor/noisebleed] has joined #openvpn 04:55 -!- axelm7 [~axelm7@186.135.9.36] has joined #openvpn 05:00 -!- axelm8 [axelm7@186.135.9.36] has joined #openvpn 05:02 -!- axelm7 [~axelm7@186.135.9.36] has quit [Ping timeout: 276 seconds] 05:02 <@vpnHelper> RSS Update - forum: Specifying external IP pool and custom port per client. || Client can connect but has no access to the Internet 05:05 * EugeneKay crickets 05:16 < havoc> bah 05:29 -!- ragnar [~ragnar@bifrost.ninjatux.org] has joined #openvpn 05:31 < ragnar> RMon Jan 23 11:29:33 2012 us=515046 TLS Error: Unroutable control packet received from XX.xx.xx.xx:xxxxx (si=3 op=P_CONTROL_V1) 05:31 < ragnar> what does this mean exactly? 05:32 <@vpnHelper> RSS Update - forum: Please Review My Site : 05:35 -!- Denial [~Denial@drgi.co.uk] has joined #openvpn 05:45 -!- axelm8 [axelm7@186.135.9.36] has quit [Ping timeout: 276 seconds] 06:02 <@vpnHelper> RSS Update - forum: new vpn setup advice 06:04 -!- eddyst1 [~eddyst@p5085508E.dip0.t-ipconnect.de] has joined #openvpn 06:12 < eddyst1> I like to use a bridge configuration. The connection establishes and I can ping the server but no other clients behind the server. Is there a troubleshooting HOWTO for such problems? 06:22 <+EugeneKay> !howto 06:22 <@vpnHelper> "howto" is (#1) OpenVPN comes with a great howto, http://openvpn.net/howto PLEASE READ IT! or (#2) http://www.secure-computing.net/openvpn/howto.php for a mirror 06:22 <+EugeneKay> !tunortap 06:22 <@vpnHelper> "tunortap" is (#1) you ONLY want tap if you need to pass layer2 traffic over the vpn (traffic destined for a MAC address). If you are using IP traffic you want tun. Dont waste the extra overhead. or (#2) and if your reason for wanting tap is windows shares, see !wins or (#3) also remember that if someone gets access to any side of a tap vpn they can use layer2 attacks like arp poisoning against you 06:22 <@vpnHelper> over the vpn or (#4) lan gaming? use tap!
06:23 -!- fr00d [~andi@unaffiliated/fr00d] has joined #openvpn 06:23 < fr00d> Hello! 06:23 <+EugeneKay> !hi 06:23 <+EugeneKay> Hrm, thought we had one of those. 06:23 < fr00d> What's the difference between using udp or tcp for openvpn connection? 06:24 <+EugeneKay> !tcp 06:24 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay 06:24 < fr00d> I have the problem that my client is not reachable via udp on the port openvpn delegates to use. 06:24 < fr00d> Ah, thanks. 06:25 -!- _julian_ [~quassel@hmbg-4d06f326.pool.mediaWays.net] has joined #openvpn 06:27 < fr00d> OK, I'll think about running two openvpn servers which use the same private network. They should be able to do dhcp from the same subnet, is that possible? 06:27 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has joined #openvpn 06:28 < fr00d> A workaround would be to use two subnets and route one into the other and vice versa. 06:28 <+EugeneKay> No, each (routed) openvpn tunnel should have a different subnet, tunnel device, etc. It's trivial to push a route for the other(or for a whole /20 block) down, though 06:29 <+EugeneKay> eg, I have 10.12.0.0/16 set aside for VPN links, and then a /20 out of that for each VPN server, and a /24 out of THAT for each actual openvpn instance. A bit of routing magic and --up scripts results in a HA system, with real-live hostnames. 06:30 < fr00d> This sounds great, so I need to play a bit more with openvpn... 06:30 < fr00d> Thanks for your help.
06:30 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has quit [Ping timeout: 252 seconds] 06:31 < eddyst1> !wins 06:31 <@vpnHelper> "wins" is http://oreilly.com/catalog/samba/chapter/book/ch07_03.html is a good link for seeing how to run WINS on samba 06:31 -!- Rolybrau [~Rolybrau@unaffiliated/rolybrau] has joined #openvpn 06:49 -!- p3rror [~mezgani@41.205.221.206] has joined #openvpn 06:55 < fr00d> Are there any problems with running two openvpn server instances on the same ip, on the same port the one via udp, the other via tcp? 06:57 < havoc> fr00d: nope 06:57 < havoc> I listen on udp:1194 and tcp:443 on 3 diff servers 06:57 < fr00d> perfect! 06:58 <@dazo> fr00d: no problems, but you should avoid having the same VPN subnet on those two instances, that will create some extra challenges ... but if separate subnets, no issues at all 06:58 < fr00d> Eh, no, I'd like to listen on udp:1194 and tcp:1194 on the same server with the same ip. ;) 06:58 < havoc> dazo: heh, that's exactly what I have planned, but haven't gotten to it yet 06:58 <@dazo> listening to tcp and udp ports on same port number and IP is very fine 06:58 < fr00d> I have set up separate subnets and I will add network routes from one into the other net and vice versa. 06:58 < havoc> dazo: use same subnet, but on br0, where br0 = tun0 + tun1 06:59 <@dazo> havoc: you can't bridge tun ... only tap ;-) 06:59 < havoc> gah! 06:59 <@dazo> (bridges require ethernet frames) 06:59 < havoc> dazo: thanks, I guess I either won't be bridging them, or I won't be converting to tun 06:59 < havoc> dazo: understood, thanks 06:59 < havoc> yeah, L2 device 06:59 <@dazo> yupp 07:00 < havoc> I'm all TAP now but was going to convert to TUN for performance, but with --topology subnet 07:00 < fr00d> The only challenge is to update DNS according to which port and according to this which subnet was chosen.
07:01 < fr00d> Wait, isn't there a way to do something like loadbalancing via dns to let one domainname point to two addresses? So the client should support to connect to the other address if the first doesn't answer. ;) 07:01 <@dazo> fr00d: if you look carefully at the different script hooks (search for SCRIPTING in man page), you'll find that --learn-address or --client-connect might help you out there 07:02 <@dazo> ahh ... you can in client configs add more --remote statements ... and even use --remote-random, to randomly select server to connect to 07:02 <@dazo> but I wouldn't load balance between tcp and udp, though 07:02 <@dazo> !tcp 07:02 <@vpnHelper> "tcp" is (#1) Sometimes you cannot avoid tunneling over tcp, but if you can avoid it, DO. http://sites.inka.de/~bigred/devel/tcp-tcp.html Why TCP Over TCP Is A Bad Idea. or (#2) http://www.openvpn.net/papers/BLUG-talk/14.html for a presentation by James Yonan (OpenVPN lead developer) or (#3) if you must use tcp, you likely want --tcp-nodelay 07:02 <@dazo> I'd recommend tcp as a fallback in cases where udp doesn't work 07:02 < fr00d> I do not want the client to loadbalance. 07:03 < fr00d> Each client can reach each other client in this vpn. 07:03 * dazo might have misunderstood what was supposed to be load balanced 07:03 < fr00d> I'd like to set up DNS very easy. So if I enter a DNS entry with two ips of the different subnets for each connected client they should be accessible. 07:04 <+EugeneKay> You need dynamic updates and a script to do that properly. 07:04 <@dazo> okay, you mean the internal DNS which connected VPN clients uses? 07:04 < fr00d> But for this I think I first need to read some more about loadbalancing. 07:04 <@dazo> fr00d: EugeneKay is right 07:04 < fr00d> Yes. 07:04 <+EugeneKay> "EugeneKay is right because EugeneKay is always right." 07:04 < fr00d> hehe 07:04 <@dazo> !learn EugeneKay as right because EugeneKay is always right. 07:04 <@vpnHelper> Joo got it. 
07:04 <@dazo> !EugeneKay 07:04 <@vpnHelper> "EugeneKay" is right because EugeneKay is always right. 07:05 <@dazo> :-P 07:05 <+EugeneKay> :-D 07:05 < fr00d> hmm, well educated bot... :D 07:05 <@dazo> hehehe, yupp :) 07:06 < fr00d> So, I'll first have lunch and then, maybe playing a bit more around with openvpn. Thanks for your help. 07:07 < havoc> fr00d: you talking about round-robin DNS? 07:07 < havoc> e.g. vpn.domain.com = multiple IPs? 07:07 < havoc> if so that's just multiple A recs for same name in DNS 07:25 <@vpnHelper> RSS Update - forum: Took over the ovpn server, CA/Keys unknown. 07:25 < havoc> dazo: who runs the forums? 07:26 <@dazo> havoc: ecrist is having some responsibilities there 07:32 < havoc> just curious 07:32 < havoc> I know spam is a nightmare for any admin 07:32 < havoc> I saw more go by this morning 07:34 -!- rawtaz [~rawtaz@rho.hobbyhotellet.se] has joined #openvpn 07:35 < rawtaz> hi. im wondering if it is possible to shrink the ESXi virtual appliance a bit, so it doesnt take up 15 GB? im not sure what so much space is needed for 07:36 <@dazo> rawtaz: this isn't vmware support 07:36 < rawtaz> uh, i know that.. 07:37 <@dazo> rawtaz: then I presume you probably know that this channel is for OpenVPN community support too 07:37 < rawtaz> yep 07:38 < rawtaz> and if you read what i say, my question is very much openvpn related 07:38 < rawtaz> in fact, what it asks about is something that is provided from the openvpn side 07:38 < rawtaz> does this make sense? 07:38 <@dazo> Is that the Access Server stuff? 07:38 < rawtaz> yes sir 07:38 <@dazo> !as 07:38 <@vpnHelper> "as" is please go to #OpenVPN-AS for help with Access-Server 07:38 < rawtaz> okay, roger that 07:38 < rawtaz> thank you :) 07:38 <@dazo> this is the community side .... 
AS is the commercial side 07:39 < rawtaz> i failed to read the topic 07:39 -!- dkr [~dkr@67.132.255.16] has joined #openvpn 07:40 -!- gladiatr [~sdspence@openvpn/community/support/gladiatr] has joined #openvpn 07:41 <+EugeneKay> !read 07:41 <@vpnHelper> "read" is ive been known to overreact when people look for 2 minutes and ask me to explain it to them 07:41 < gladiatr> wheeee... happy 2012 07:41 <@ecrist> havoc: I'm the forum guy 07:42 < havoc> ecrist: I feel for you :( 07:42 < havoc> the spam seems on the rise lately 07:42 < gladiatr> havoc: it's not that bad. 07:42 < fr00d> havoc: Ah, ok. What happens if the client gets the ip which does not respond? Does the client try the other one? 07:42 <@ecrist> the other mods do a good job of keeping it down, I think. 07:42 < havoc> ah, maybe I'm just noticing it more then 07:42 < krzee> its actually pretty constant 07:43 < krzee> but ya it seems to get caught by mods 07:43 < havoc> fr00d: if client retries, and does another dns lookup for that retry, it should get the next IP 07:43 -!- axelm8 [~axelm7@186.135.8.52] has joined #openvpn 07:44 < krzee> havoc, you dont always get a new dns lookup 07:44 -!- gremly [~gremly@200.106.218.64] has joined #openvpn 07:44 < havoc> fr00d: ^^^^^ 07:44 < krzee> depends from system to system in my testing 07:44 < havoc> DNS round-robin may not work for you then 07:45 < krzee> i use multiple --remote entries for that reason 07:45 < fr00d> So, I need a setup which is a bit more complex until the request really gets to the client where it should go. 07:46 <@dazo> I think he wants to do some DNS RR stuff on the internal DNS for connected VPN clients ... to connect to the correct VPN client from another VPN client, via DNS host names .... 07:46 < havoc> fr00d: multiple --remote entries doesn't seem too complex 07:46 < havoc> dazo: ah 07:47 * dazo is still not sure he really caught it ... but hopes he is closer ...
07:47 < krzee> oh lol 07:47 < krzee> ya i didnt read the scroll 07:53 -!- axelm8 [~axelm7@186.135.8.52] has left #openvpn [] 07:55 <@dazo> ecrist: mattock: I've installed this captcha on another phpbb forum which got quite some spam a while ago. After this new captcha, all spam went away ... http://www.phpbbsmith.com/projects/phpbb3/photo-visual-confirmation.html 07:55 <@vpnHelper> Title: Photo Visual Confirmation phpBB Smith (at www.phpbbsmith.com) 07:56 <@ecrist> dazo - we're moving to vB anyway... 07:56 < fr00d> havoc: But I do not need multiple remote entries. I have one server with one port but want to use tcp and udp. Therefore I need two subnets. 07:57 <@dazo> ecrist: I know, but if it's much now ... this one kills it easily and efficiently ... took me less than an hour to get it working ... but that was without LDAP integration though 07:57 <@dazo> fr00d: what's a bit confusing for us is where you want the load balancing ... we don't really see how you want your setup to work, esp. in regards to the load balancing 08:01 <@vpnHelper> RSS Update - forum: Windows 7 x64, routing, DHCP and a unstable VPN 08:02 -!- eddyst1 [~eddyst@p5085508E.dip0.t-ipconnect.de] has left #openvpn [] 08:03 < fr00d> The client has two possibilities to connect to the vpn and each client should be able to reach each other client. This works. With the two networks for udp and tcp each client has the possibility to get an address of either the "udp"-subnet or the "tcp"-subnet. What I want to do is to make clients reachable via dns i.e. client1.vpn.mydomain.com. One possibility is to check the zonefile when the client connects and update it if necessary and the other ... 08:03 < fr00d> ... idea was to make the client accessible via the dns entry by adding more than one ip for one client. 08:09 <@ecrist> cron2: I've tagged a snapshot and it's pushed out to the ftp servers 08:13 <@vpnHelper> RSS Update - forum: Took over the ovpn server, CA/Keys unknown.
08:18 <@dazo> fr00d: sounds like dynamic dns updates is what you're looking for then ... so when a client connects, it will update the dns server with its client name and vpn IP address 08:19 <@dazo> fr00d: look at nsupdate 08:21 < fr00d> Yes I'm using nsupdate for dynamic dns entries. I'll have a try. 08:23 <@dazo> fr00d: if you already have things setup for nsupdate .... then it's a fairly simple script which can be used via --client-connect and --client-disconnect to add/delete IP addresses 08:24 <+EugeneKay> Pretty sure I said that an hour ago. :v 08:31 < fr00d> Maybe, but there the buzzword nsupdate was missing. 08:32 <+EugeneKay> You need dynamic updates and a script to do that properly. 08:32 <+EugeneKay> nsupdate is just a dynamic update client. :-p 08:39 < ragnar> RMon Jan 23 11:29:33 2012 us=515046 TLS Error: Unroutable control packet received from XX.xx.xx.xx:xxxxx (si=3 op=P_CONTROL_V1) 08:39 < ragnar> does any of you know what this means exactly? 08:40 <@ecrist> !logs 08:40 <@vpnHelper> "logs" is (#1) is please pastebin your logfiles from both client and server with verb set to 5 or (#2) In Tunnelblick, right-click and select copy to copy log text to clipboard. 
08:41 -!- APTX [APTX@unaffiliated/aptx] has quit [Read error: Connection reset by peer] 08:42 < ragnar> ok 08:42 -!- APTX [APTX@unaffiliated/aptx] has joined #openvpn 08:45 -!- astrostl [~astrostl@68-188-73-250.static.stls.mo.charter.com] has joined #openvpn 08:50 -!- `Ile` [~Ile@kaniserver.net] has quit [Quit: KVIrc 4.1.3 Equilibrium http://www.kvirc.net/] 08:56 -!- misulicus [4f7357c6@gateway/web/freenode/ip.79.115.87.198] has joined #openvpn 08:57 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 08:57 < misulicus> hey guys, just wanted to ask if someone can please take a quick look at my post here https://forums.openvpn.net/topic9671.html 08:57 -!- Gravitron [~admin@69.163.40.45] has joined #openvpn 08:57 <@vpnHelper> Title: OpenVPN Support Forum new vpn setup advice : Server Administration (at forums.openvpn.net) 08:57 -!- Gravitron [~admin@69.163.40.45] has quit [Changing host] 08:57 -!- Gravitron [~admin@unaffiliated/gravitron] has joined #openvpn 08:57 < misulicus> i`m trying to get answers today 09:01 <@vpnHelper> RSS Update - forum: need tun.ko 09:02 < misulicus> we assume that we will have to pay someone to get a server setup like that 09:08 <+EugeneKay> To be quite frank, there's no money in that. 09:08 <+EugeneKay> Plenty enough competition already. 09:09 < misulicus> yeah well we got the customers already, we just need the service to be setup 09:18 < misulicus> any idea who could do a setup like this?
09:29 < Olipro> presumably, you want the whole thing automated 09:30 < Olipro> so you need something integrated with your payment gateway to create and issue client certificates with expiration dates tied to however long their subscription is 09:30 < Olipro> not to mention that yes, you need a server located in the US with sufficient bandwidth to meet your demand 09:33 < krzee> no no you shouldnt need to expire the cert 09:33 < krzee> use secondary auth via db 09:33 < krzee> then the script can check expiration date as well 09:36 <+EugeneKay> I was about to say, changing certs every month of subscription is gonna get old quick 09:39 < Olipro> yeah, secondary auth and/or revocation would be sufficient 09:40 < Olipro> I suppose revocation could be preferable if you don't want the headache of having to worry about your DB backend going down 09:41 -!- p3rror [~mezgani@41.205.221.206] has quit [Remote host closed the connection] 09:43 <@vpnHelper> RSS Update - forum: any way to have log of users?? 
09:51 -!- p3rror [~mezgani@41.137.254.45] has joined #openvpn 09:52 < misulicus> well i can handle the main website and payment stuff 09:53 -!- koaschten [~koaschten@31-16-0-231-dynip.superkabel.de] has joined #openvpn 09:53 < misulicus> i do some php programming...but the vpn part where user logins and gets access to the vpn is out of my league 09:54 < misulicus> like: http://www.privatetunnel.com/ 09:54 <@vpnHelper> Title: Private Tunnel - Your Private Tunnel to the Internet (at www.privatetunnel.com) 09:55 < misulicus> i guess i can do an easy check to see if the user has active subscription in my main site DB and if he does he is allowed to login 10:10 < misulicus> but the server side i cant do it 10:19 <@ecrist> misulicus: we aren't going to do this for you 10:19 < misulicus> i`m asking, willing to hire someone to do it : 10:19 <@ecrist> I read your post, and all you really need is a VPN server (or a few, really), some load balancing, an authentication back-end (LDAP) 10:19 <@ecrist> I'll do it for you for $285 USD per hour 10:20 <@ecrist> minimum of 40 hours, paid 50% in advance 10:25 < misulicus> way too much :( 10:28 < jeev> i'll do it for 275 10:28 < jeev> 39 hours. 10:28 <+EugeneKay> Those are fairly standard consulting rates for a job like this. If you find somebody that'll do it for substantially less, they're probably clueless. 10:29 <+EugeneKay> Realistically, you need at least a part-time admin 10:30 <@ecrist> heh, 10:30 <@ecrist> build me a custom interface and tie that to a central authentication engine (and all the admin pages, since you obviously can't edit the raw LDAP/etc) and install and test, for LESS than $285/hr? You're crazy 10:31 < jeev> i said i'd do it for 275 10:31 <+EugeneKay> To say nothing of tying it into a billing system 10:32 <+EugeneKay> Like I said, no money in this.
:-p 10:34 < misulicus> well most i`d be interested in setting up openvpn on a server first 10:36 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has quit [Read error: Connection reset by peer] 10:38 <@ecrist> nobody's stopping you 10:38 <@ecrist> jeev: he'd need someone that knows what they're doing, disqualifying you automatically 10:38 -!- scampbell [~scampbell@c-98-224-240-62.hsd1.mi.comcast.net] has joined #openvpn 10:41 < misulicus> ecrist thats too much 10:42 <@ecrist> perhaps, but I won't do it for less 10:42 <@ecrist> figure it out yourself, or start asking good questions. :) 10:46 -!- troyt [~troyt@2001:1938:240:3000::3] has joined #openvpn 10:48 -!- MarKsaitis [~MarKsaiti@195.59.185.18] has quit [Quit: Leaving] 10:56 -!- leno81 [~leno81@208.111.39.186] has joined #openvpn 10:56 < leno81> hi 10:56 < leno81> i can specify what port to use for connection to the server, but can i force the vpn to use a sepcific port on the client? 10:56 < leno81> specific* 10:56 <@dazo> leno81: look at --rport and --lport in the man page 10:56 <@dazo> !man 10:56 <@vpnHelper> "man" is (#1) http://openvpn.net/man for 2.0 manual or (#2) http://openvpn.net/man-beta.html for 2.1 manual or (#3) http://openvpn.net/index.php/open-source/documentation/manuals/427-openvpn-22.html for 2.2 manual or (#4) the man pages are your friend! 11:03 < havoc> need to add 2.2.x to the list on http://openvpn.net/index.php/open-source/documentation.html 11:03 <@vpnHelper> Title: Documentation (at openvpn.net) 11:04 < havoc> you can get to it through the "Manuals" parent category link, but a direct 2.2 link should be under it in addition to the direct links for 2.1 and 2.0 11:08 < leno81> so i just put --lport port in the client config? 11:18 -!- danniel [~leno81@208.111.39.186] has joined #openvpn 11:22 -!- leno81 [~leno81@208.111.39.186] has quit [Ping timeout: 272 seconds] 11:23 -!- raidz [~raidz@openvpn/corp/admin/andre