pkgsrc-Users archive


Re: openvpn: actually works?



Stephen Borrill <netbsd%precedence.co.uk@localhost> writes:

First, my mysterious bad connections were due to the rover being, at the
moment, using IPv6 while being behind a v6-in-v4 tunnel, where the gif
was set to 1280 (NetBSD default).  Changing the openvpn tun-mtu fixed
that, and then I set the tunnel to 1480.

So my only remaining mystery is "the /24 route (for the rover subnet)
seems to randomly go missing on openvpn restart, sometimes".  Plus
various "MTU issues are hard", including "npf doesn't do reassembly".

>>  How often do you find yourself on a network where openvpn 1194 is
>>  blocked, but other things worked?
>
> Quite a lot, I do a lot of work in schools!

Thanks for the data point.  I will keep that in mind.

>>  Have you set up proxying over 443, which tends not to be blocked?
>
> Yes, I have set it up on 22, 443 and 1935 (some Windows media port)
> based on an outbound port scan. 443 is often blocked, but it does
> usually work through a proxy.

I guess that's CONNECT so your e2e is ok.

> However as an OpenVPN instance cannot do both UDP and TCP and
> client-to-client uses routing within the instance, a TCP connection
> doesn't work as well in my scenario as I lose access to the other
> clients.

With just rovers, I'd expect this to be ok, but thanks for the caution.

