Using openvpn intensively, and on large population. Though not (yet) on Fedora.
By the way “on fedora commercially” ? If you use the code commercially, shouldn’t you switch to Red-Hat?
Kind regards. Hans Witvliet, J, Ing., DMO/OPS/I&S/APH, Kennis Team Opensource
From: Jack Craig [mailto:jack.craig.aptos@gmail.com] Sent: zondag 2 juni 2019 8:49 To: Community support for Fedora users Subject: anyone using openvpn?
hi folks,
after beating on this vpn i have got it about happy.
i am curious to know if anyone out there is using openvpn on fedora commercially?
tia, jackc...
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
thanks for your time to reply.
On Mon, Jun 3, 2019 at 3:00 AM J.Witvliet@mindef.nl wrote:
Using openvpn intensively, and on large population.
Though not (yet) on Fedora.
By the way “on fedora commercially” ?
If you use the code *commercially*, shouldn’t you switch to Red-Hat?
i didnt say i was using it (or goiong to) use it commercially.
given the problems i surmounted getting this far makes me wonder it openvpn is really up to the task.
how about this. is your vpn integrated with NetworkManager?
if so, how did you manage the routing table?
that is, when enp4s0 comes up, its the default route. once tun0 comes up, my setup barfs & does no routing table updating (for up & dwn) and ignores routing entirely. at least this is what i think i am seeing.
but my lack of certainty motivate me to pass a few queries by a more experienced group.
tia, jackc...
Kind regards.
*Hans Witvliet, J, Ing., DMO/OPS/I&S/APH, Kennis Team Opensource*
*From:* Jack Craig [mailto:jack.craig.aptos@gmail.com] *Sent:* zondag 2 juni 2019 8:49 *To:* Community support for Fedora users *Subject:* anyone using openvpn?
hi folks,
after beating on this vpn i have got it about happy.
i am curious to know if anyone out there is using openvpn on fedora commercially?
tia, jackc...
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten.
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
On Mon, Jun 03, 2019 at 11:10:36 -0700, Jack Craig jack.craig.aptos@gmail.com wrote:
given the problems i surmounted getting this far makes me wonder it openvpn is really up to the task.
Have you looked at wireguard? It's not upstream yet, but the primary author updates it for development kernels, so it's usually working for rc1. The kernel module builds very easily on Fedora.
The config is pretty simple. End points are mutually authenticated. One end can be roaming or behind nat and things will just work. It creates a normal network device the you can use ip to manipulate.
I use it to give my laptops fixed ip addresses by routing through my home network, no matter where they are connected.
i was unaware, i'll check it out, Thx!!
On Mon, Jun 3, 2019 at 12:36 PM Bruno Wolff III bruno@wolff.to wrote:
On Mon, Jun 03, 2019 at 11:10:36 -0700, Jack Craig jack.craig.aptos@gmail.com wrote:
given the problems i surmounted getting this far makes me wonder it
openvpn
is really up to the task.
Have you looked at wireguard? It's not upstream yet, but the primary author updates it for development kernels, so it's usually working for rc1. The kernel module builds very easily on Fedora.
The config is pretty simple. End points are mutually authenticated. One end can be roaming or behind nat and things will just work. It creates a normal network device the you can use ip to manipulate.
I use it to give my laptops fixed ip addresses by routing through my home network, no matter where they are connected.
On 03/06/2019 20:40, Jack Craig wrote:
i was unaware, i'll check it out, Thx!!
Pushed to the testing repos today at rpmfusion
On Mon, Jun 3, 2019 at 12:36 PM Bruno Wolff III <bruno@wolff.to mailto:bruno@wolff.to> wrote:
On Mon, Jun 03, 2019 at 11:10:36 -0700, Jack Craig <jack.craig.aptos@gmail.com <mailto:jack.craig.aptos@gmail.com>> wrote: > >given the problems i surmounted getting this far makes me wonder it openvpn >is really up to the task. Have you looked at wireguard? It's not upstream yet, but the primary author updates it for development kernels, so it's usually working for rc1. The kernel module builds very easily on Fedora. The config is pretty simple. End points are mutually authenticated. One end can be roaming or behind nat and things will just work. It creates a normal network device the you can use ip to manipulate. I use it to give my laptops fixed ip addresses by routing through my home network, no matter where they are connected.
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
WOW! web page blowing e away!!! *THANKS AGAIN!!!*
On Mon, Jun 3, 2019 at 1:11 PM John Pilkington johnpilk222@gmail.com wrote:
On 03/06/2019 20:40, Jack Craig wrote:
i was unaware, i'll check it out, Thx!!
Pushed to the testing repos today at rpmfusion
On Mon, Jun 3, 2019 at 12:36 PM Bruno Wolff III <bruno@wolff.to mailto:bruno@wolff.to> wrote:
On Mon, Jun 03, 2019 at 11:10:36 -0700, Jack Craig <jack.craig.aptos@gmail.com <mailto:jack.craig.aptos@gmail.com>> wrote: > >given the problems i surmounted getting this far makes me wonder it openvpn >is really up to the task. Have you looked at wireguard? It's not upstream yet, but the primary author updates it for development kernels, so it's usually working for rc1. The kernel module builds very easily on Fedora. The config is pretty simple. End points are mutually authenticated.One
end can be roaming or behind nat and things will just work. It creates a normal network device the you can use ip to manipulate. I use it to give my laptops fixed ip addresses by routing through my home network, no matter where they are connected.
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
is there a sdk contact for stuff like this? fyi, fedora 28
CC /home/jackc/src/WireGuard/src/tools/terminal.o CC /home/jackc/src/WireGuard/src/tools/ipc.o *ipc.c:7:10: fatal error: libmnl/libmnl.h: No such file or directory* #include <libmnl/libmnl.h> ^~~~~~~~~~~~~~~~~ compilation terminated.
On Mon, Jun 3, 2019 at 5:39 PM Jack Craig jack.craig.aptos@gmail.com wrote:
WOW! web page blowing e away!!! *THANKS AGAIN!!!*
On Mon, Jun 3, 2019 at 1:11 PM John Pilkington johnpilk222@gmail.com wrote:
On 03/06/2019 20:40, Jack Craig wrote:
i was unaware, i'll check it out, Thx!!
Pushed to the testing repos today at rpmfusion
On Mon, Jun 3, 2019 at 12:36 PM Bruno Wolff III <bruno@wolff.to mailto:bruno@wolff.to> wrote:
On Mon, Jun 03, 2019 at 11:10:36 -0700, Jack Craig <jack.craig.aptos@gmail.com <mailto:jack.craig.aptos@gmail.com>> wrote: > >given the problems i surmounted getting this far makes me wonder it openvpn >is really up to the task. Have you looked at wireguard? It's not upstream yet, but the primary author updates it for development kernels, so it's usually working for rc1. The kernel module builds very easily on Fedora. The config is pretty simple. End points are mutually authenticated.One
end can be roaming or behind nat and things will just work. It creates a normal network device the you can use ip to manipulate. I use it to give my laptops fixed ip addresses by routing through my home network, no matter where they are connected.
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
or... INSTALL /home/jackc/src/WireGuard/src/wireguard.ko At main.c:160: - SSL error:02001002:system library:fopen:No such file or directory: crypto/bio/bss_file.c:74 - SSL error:2006D080:BIO routines:BIO_new_file:no such file: crypto/bio/bss_file.c:81 sign-file: certs/signing_key.pem: No such file or directory DEPMOD 5.0.16-100.fc28.x86_64 depmod -a 'wg' -> '/usr/bin/wg' 'man/wg.8' -> '/usr/share/man/man8/wg.8' 'completion/wg.bash-completion' -> '/usr/share/bash-completion/completions/wg' 'wg-quick/linux.bash' -> '/usr/bin/wg-quick' install: creating directory '/etc/wireguard' 'man/wg-quick.8' -> '/usr/share/man/man8/wg-quick.8' 'completion/wg-quick.bash-completion' -> '/usr/share/bash-completion/completions/wg-quick' 'systemd/wg-quick@.service' -> '/usr/lib/systemd/system/wg-quick@.service'
On Mon, Jun 3, 2019 at 5:48 PM Jack Craig jack.craig.aptos@gmail.com wrote:
is there a sdk contact for stuff like this? fyi, fedora 28
CC /home/jackc/src/WireGuard/src/tools/terminal.o CC /home/jackc/src/WireGuard/src/tools/ipc.o *ipc.c:7:10: fatal error: libmnl/libmnl.h: No such file or directory* #include <libmnl/libmnl.h> ^~~~~~~~~~~~~~~~~ compilation terminated.
On Mon, Jun 3, 2019 at 5:39 PM Jack Craig jack.craig.aptos@gmail.com wrote:
WOW! web page blowing e away!!! *THANKS AGAIN!!!*
On Mon, Jun 3, 2019 at 1:11 PM John Pilkington johnpilk222@gmail.com wrote:
On 03/06/2019 20:40, Jack Craig wrote:
i was unaware, i'll check it out, Thx!!
Pushed to the testing repos today at rpmfusion
On Mon, Jun 3, 2019 at 12:36 PM Bruno Wolff III <bruno@wolff.to mailto:bruno@wolff.to> wrote:
On Mon, Jun 03, 2019 at 11:10:36 -0700, Jack Craig <jack.craig.aptos@gmail.com <mailto:jack.craig.aptos@gmail.com>> wrote: > >given the problems i surmounted getting this far makes me wonder it openvpn >is really up to the task. Have you looked at wireguard? It's not upstream yet, but theprimary
author updates it for development kernels, so it's usually working forrc1.
The kernel module builds very easily on Fedora. The config is pretty simple. End points are mutuallyauthenticated. One
end can be roaming or behind nat and things will just work. It creates a normal network device the you can use ip to manipulate. I use it to give my laptops fixed ip addresses by routing throughmy
home network, no matter where they are connected.
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
On Mon, Jun 03, 2019 at 17:48:09 -0700, Jack Craig jack.craig.aptos@gmail.com wrote:
is there a sdk contact for stuff like this? fyi, fedora 28
CC /home/jackc/src/WireGuard/src/tools/terminal.o CC /home/jackc/src/WireGuard/src/tools/ipc.o *ipc.c:7:10: fatal error: libmnl/libmnl.h: No such file or directory* #include <libmnl/libmnl.h> ^~~~~~~~~~~~~~~~~ compilation terminated.
Do you have libmnl-devel installed?
i do now, but the lib appeared to build/install fine w/o out it...
On Mon, Jun 3, 2019 at 6:31 PM Bruno Wolff III bruno@wolff.to wrote:
On Mon, Jun 03, 2019 at 17:48:09 -0700, Jack Craig jack.craig.aptos@gmail.com wrote:
is there a sdk contact for stuff like this? fyi, fedora 28
CC /home/jackc/src/WireGuard/src/tools/terminal.o CC /home/jackc/src/WireGuard/src/tools/ipc.o *ipc.c:7:10: fatal error: libmnl/libmnl.h: No such file or directory* #include <libmnl/libmnl.h> ^~~~~~~~~~~~~~~~~ compilation terminated.
Do you have libmnl-devel installed?
On 6/3/19 5:58 PM, J.Witvliet@mindef.nl wrote:
Using openvpn intensively, and on large population.
Though not (yet) on Fedora.
By the way “on fedora commercially” ?
If you use the code /commercially/, shouldn’t you switch to Red-Hat?
I don't think that is necessary. If you're running this as a service you're getting revenue not from the O/S but for the service. It doesn't matter the platform.
FWIW, all of the routers I work with from Asus, D-Link, Synology and a few others have openvpn embedded. Being OpenSource it won't make a difference which platform it is run on.
-
Bruno Wolff III -
Ed Greshko -
J.Witvliet@mindef.nl -
Jack Craig -
John Pilkington