Comments (16)

OriBenHur avatar OriBenHur commented on May 26, 2024 1

the ticket on openvpn-as is for the 9 udp entries.
the overwrite not working is here.
just to make things a bit more clear.
after removing all the extra udp entries the override is working as expected.
with the extra udp entries it's not working (still connecting with udp instead of using tcp)

from openvpn3-linux.

dsommers avatar dsommers commented on May 26, 2024

Could you provide the --remote options in your configuration file? If you only have a single --remote line, try duplicating it and set the second line to be tcp. For example like this:

remote server.example.net 1194 udp
remote server.example.net 443 tcp

See if the --proto-override makes a difference with such a config, and if it then sticks to the overridden protocol through several connections and also openvpn3 session-manage --restart. You may also need to see if --port-override also works as expected.

If the multiple --remote line works, it is needed to investigate this issue in the OpenVPN 3 Core library project.

from openvpn3-linux.

dsommers avatar dsommers commented on May 26, 2024

ping, @OriBenHur ... did you get a chance to test this?

from openvpn3-linux.

OriBenHur avatar OriBenHur commented on May 26, 2024

I have 6 of them; all but one are udp.
This is the file that the AS server created.

from openvpn3-linux.

OriBenHur avatar OriBenHur commented on May 26, 2024
# Automatically generated OpenVPN client config file
# Generated on Mon Sep 14 01:23:41 2020 by OpenVPN-AS

# Default Cipher
cipher AES-256-CBC
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=<USERNAME>
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=<USERNAME>@<IP>
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_BASIC_CLIENT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=False
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=<IP>:<TCP_PORT>
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# <HASH>
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
setenv FORWARD_COMPATIBLE 1
client
server-poll-timeout 4
nobind
remote <IP> <UDP_PORT> udp
remote <IP> <UDP_PORT> udp
remote <IP> <TCP_PORT> tcp
remote <IP> <UDP_PORT> udp
remote <IP> <UDP_PORT> udp
remote <IP> <UDP_PORT> udp
remote <IP> <UDP_PORT> udp
remote <IP> <UDP_PORT> udp
dev tun
dev-type tun
ns-cert-type server
setenv opt tls-version-min 1.0 or-highest
reneg-sec 604800
sndbuf 0
rcvbuf 0
auth-user-pass
static-challenge "Enter Authenticator Code" 1
# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO

<ca>
-----BEGIN CERTIFICATE-----
<HASH>
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
<HASH>
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----
<HASH>
-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----
<LONG_NUMBER>
-----END OpenVPN Static key V1-----
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
## <HAS-5>
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## <HASH>
## -----END CERTIFICATE-----
## -----BEGIN CERTIFICATE-----
## <HASH>
## -----END CERTIFICATE-----

from openvpn3-linux.

schwabe avatar schwabe commented on May 26, 2024

Well if you force the core to only use tcp remotes but have no tcp remotes that is not going to work. So the core ignores your request

from openvpn3-linux.

OriBenHur avatar OriBenHur commented on May 26, 2024

but there is one lol
as you can see there are like 9 UDP and one TCP, I have no idea why (I'll open a bug for the OpenVPN-AS team about it)
but in theory, it should work. BTW, removing all the extra UDP seems to be working; the question is why isn't it working with them there?

from openvpn3-linux.

schwabe avatar schwabe commented on May 26, 2024

Hm sorry, I didn't see that TCP one. No idea then, sorry

from openvpn3-linux.

dsommers avatar dsommers commented on May 26, 2024

> but there is one lol
> as you can see there are like 9 UDP and one TCP, I have no idea why (I'll open a bug for the OpenVPN-AS team about it)
> but in theory, it should work. BTW, removing all the extra UDP seems to be working; the question is why isn't it working with them there?

I'm a bit confused now, since you're pulling in filing an AS ticket as well.

When you use openvpn3 config-manage --config <NAME> --proto-override tcp, does it still try UDP? If yes, then this is an OpenVPN 3 issue; but can tackle that in this ticket for now.

If the AS server does not provide a functional TCP port, that's a different issue where an AS ticket is appropriate.

from openvpn3-linux.

schwabe avatar schwabe commented on May 26, 2024

@dsommers I think he is referring to having 9 identical UDP remotes at all.

from openvpn3-linux.

dsommers avatar dsommers commented on May 26, 2024

Okay, that's 2 independent bugs then. I'll create an internal ticket for the protoOverride not working with multiple identical remotes configured. I'll leave this ticket open until the OpenVPN 3 Core library has been updated and OpenVPN 3 Linux has upgraded to that version.

from openvpn3-linux.

schwabe avatar schwabe commented on May 26, 2024

@dsommers to be honest, we might remove these override features. I have no idea what real use case they have anyway.

from openvpn3-linux.

OriBenHur avatar OriBenHur commented on May 26, 2024

I can tell you from my experience that they give me an easy way to switch back and forth between tcp and udp on a need basis.
But it's not like it's that difficult to create two profiles to serve each.
But my motto is: if it's there, it needs to work.

from openvpn3-linux.

dsommers avatar dsommers commented on May 26, 2024

I think the server, port and proto overrides make sense. And I'm even considering if we should add support for this even via openvpn3 session-start. But there are other overrides which might be less useful.

from openvpn3-linux.

dsommers avatar dsommers commented on May 26, 2024

We're just releasing the v14_beta today. Can you see if the protocol override using openvpn3 config-manage --config <NAME> --proto-override tcp works with this release?

In addition I'm strongly considering to add --proto-override (or a similar option) to openvpn3 session-start as well, similar to what we now support with --dco.

from openvpn3-linux.

dsommers avatar dsommers commented on May 26, 2024

The configuration profile needs to have a remote line for both TCP and UDP for the --proto-override feature to work. That does work, but only on non-persistent configuration files. There is a bug in the code saving the persistent configuration files to disk, so if multiple --remote options are present, only the last occurrence is present.

I will close this ticket, as --proto-override itself works as expected. But there is a different issue making this not work, which is not really a problem of --proto-override at all. This other issue will be tracked in a separate ticket.

from openvpn3-linux.
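
Added example, not part of the thread and not code from OpenVPN 3 Linux or the OpenVPN 3 Core library: a profile check that lists the remote lines and tests whether an override to tcp has a matching remote, both as imported and under the persistent-save behaviour described in the last comment (modelled here as keeping only the last remote, which is an assumption). The sample profile, its address and ports, and the function names are constructed for illustration.

```python
import re

# Constructed sample mirroring the remote layout posted in the thread (placeholder address/ports).
SAMPLE_PROFILE = """\
client
remote 192.0.2.10 1194 udp
remote 192.0.2.10 1194 udp
remote 192.0.2.10 443 tcp
remote 192.0.2.10 1194 udp
dev tun
<ca>
remote inside-inline-block 1 tcp
</ca>
"""

def parse_remotes(profile_text):
    """Return (host, port, proto) for each remote line outside inline blocks."""
    remotes, in_block = [], None
    for raw in profile_text.splitlines():
        line = raw.strip()
        if in_block:  # skip inline <ca>/<cert>/<key>/... bodies
            if line == f"</{in_block}>":
                in_block = None
            continue
        m = re.fullmatch(r"<([A-Za-z0-9_-]+)>", line)
        if m:
            in_block = m.group(1)
            continue
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "remote":
            host, port, proto = (parts[1:4] + [None, None])[:3]
            remotes.append((host, port, proto.lower() if proto else None))
    return remotes

def override_candidates(remotes, proto):
    """Remotes a protocol override to `proto` could select (tcp, tcp4, tcp-client...)."""
    return [r for r in remotes if r[2] and r[2].startswith(proto)]

def check(profile_text, proto="tcp"):
    """Compare the profile as imported with a model of the save bug from the thread."""
    remotes = parse_remotes(profile_text)
    saved = remotes[-1:]  # assumption: only the last remote survives the save
    return {"remotes": len(remotes),
            "duplicates": len(remotes) - len(set(remotes)),
            "match_as_imported": len(override_candidates(remotes, proto)),
            "match_after_save": len(override_candidates(saved, proto))}

if __name__ == "__main__":
    print(check(SAMPLE_PROFILE))
```

A result with `match_as_imported` above zero and `match_after_save` at zero means the TCP remote exists in the downloaded file but would be gone from a profile reduced to its last remote line.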
