[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-users] Microsoft Certificate Services


  • Subject: [Openvpn-users] Microsoft Certificate Services
  • From: "Oytun Yılmaz" <oytunyilmaz@xxxxxxxxx>
  • Date: Wed, 20 Jun 2007 01:11:57 +0300

Hi,

I have a Microsoft Certificate Service running on my Domain
Controller.It makes sense to use my existing certificate server
reather then OpenVpn's easy rsa. Can I generate certificates from this
certificate server for OpenVpn ? Are there any tutorials about this ?


Thanks in advance
Oytun


On 6/20/07, openvpn-users-request@xxxxxxxxxxxxxxxxxxxxx
<openvpn-users-request@xxxxxxxxxxxxxxxxxxxxx> wrote:
> Send Openvpn-users mailing list submissions to
>        openvpn-users@xxxxxxxxxxxxxxxxxxxxx
>
> To subscribe or unsubscribe via the World Wide Web, visit
>        https://lists.sourceforge.net/lists/listinfo/openvpn-users
> or, via email, send a message with subject or body 'help' to
>        openvpn-users-request@xxxxxxxxxxxxxxxxxxxxx
>
> You can reach the person managing the list at
>        openvpn-users-owner@xxxxxxxxxxxxxxxxxxxxx
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Openvpn-users digest..."
>
>
> Today's Topics:
>
>   1. Can I use Apache rewrite to route openpvn? (David Goodenough)
>   2. Re: Can I use Apache rewrite to route openpvn?
>      (Klaus Thielking-Riechert)
>   3. Re: Return route? help! (Jeff -)
>   4. Re: Can I use Apache rewrite to route openpvn? (David Goodenough)
>   5. Japanese Client (James Miller)
>   6. Re: Japanese Client (\dev \null)
>   7. Preventing IP Address Spoofing on TUN VPNs (Randall Nortman)
>   8. TAP blocks outward pings (Michael D. Berger)
>   9. Re: Japanese Client (minu2)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 19 Jun 2007 15:30:54 +0100
> From: David Goodenough <david.goodenough@xxxxxxxxxxxxxxxx>
> Subject: [Openvpn-users] Can I use Apache rewrite to route openpvn?
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Message-ID: <200706191530.56180.david.goodenough@xxxxxxxxxxxxxxxx>
> Content-Type: text/plain;  charset="us-ascii"
>
> I know this may seem an odd idea but I have a user who is living inside
> an environment where the only access he has to the internet is HTTP (80)
> and HTTPS (443).  I have run svn in its HTTPS mode using port 443 and
> it works quite happily, but now I need to run some real HTTPS stuff
> on the same machine.  I can use mod_rewrite in apache2 to redirect
> https conversations to say Tomcat, the question is whether it will work
> to do the same to OpenVpn?
>
> David
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 19 Jun 2007 17:26:50 +0200
> From: Klaus Thielking-Riechert <klaus.thielking-riechert@xxxxxxxxxx>
> Subject: Re: [Openvpn-users] Can I use Apache rewrite to route
>        openpvn?
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Message-ID: <20070619152649.GA17138@xxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-15"
>
> David,
>
> On Tue, Jun 19, 2007 at 03:30:54PM +0100, David Goodenough wrote:
>
> > I know this may seem an odd idea but I have a user who is living inside
> > an environment where the only access he has to the internet is HTTP (80)
> > and HTTPS (443).  I have run svn in its HTTPS mode using port 443 and
> > it works quite happily, but now I need to run some real HTTPS stuff
> > on the same machine.
>
> Well, maybe you should take a look at the option --port-share by OpenVPN
> 2.1
>
> Best regards,
>
>  Klaus
>
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: not available
> Type: application/pgp-signature
> Size: 189 bytes
> Desc: Digital signature
>
> ------------------------------
>
> Message: 3
> Date: Tue, 19 Jun 2007 08:47:59 -0700
> From: "Jeff -" <unix_core@xxxxxxxxxxxxx>
> Subject: Re: [Openvpn-users] Return route? help!
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Message-ID: <20070619154804.10E2A7AF01@xxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="iso-8859-1"
>
> >route to your LAN default router to send traffic for
> > 10.8.0.0/nn to the openvpn gateway, or you could masquerade traffic from
> > the vpn to your openVPN gateway's LAN address.
> >
>
> I decided just to swap this machine with the existing gateway.  It works fine.  So it's confirmed that the return route was all that is missing.
>
> >From a previous reply....would that setting not be done in the DNS?  It's true that traffic is being sent to the default gateway.
>
>
> =
> Emerson Wj-2000 Wheel Jacks
> Portable, multi-purpose wheel jack. Lift by wheels or frame. 40,000.
> http://a8-asy.a8ww.net/a8-ads/adftrclick?redirectid=5e35b5cce826583890117205f6485f79
>
>
> --
> Powered by Outblaze
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 19 Jun 2007 17:00:23 +0100
> From: David Goodenough <david.goodenough@xxxxxxxxxxxxxxxx>
> Subject: Re: [Openvpn-users] Can I use Apache rewrite to route
>        openpvn?
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Message-ID: <200706191700.24188.david.goodenough@xxxxxxxxxxxxxxxx>
> Content-Type: text/plain;  charset="iso-8859-15"
>
> On Tuesday 19 June 2007, Klaus Thielking-Riechert wrote:
> > David,
> >
> > On Tue, Jun 19, 2007 at 03:30:54PM +0100, David Goodenough wrote:
> > > I know this may seem an odd idea but I have a user who is living inside
> > > an environment where the only access he has to the internet is HTTP (80)
> > > and HTTPS (443).  I have run svn in its HTTPS mode using port 443 and
> > > it works quite happily, but now I need to run some real HTTPS stuff
> > > on the same machine.
> >
> > Well, maybe you should take a look at the option --port-share by OpenVPN
> > 2.1
> >
> > Best regards,
> >
> >   Klaus
>
> I kook forward to 2.1 being available in Debian (and OpenWrt), 2.0.9 being
> all that I have now.  But this is not an urgent requirement so I will wait
> and when I spot 2.1 arriving I will try it out.
>
> Ta.
>
> David
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 19 Jun 2007 13:07:32 -0500
> From: "James Miller" <jimm@xxxxxxxxxxxxxxx>
> Subject: [Openvpn-users] Japanese Client
> To: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
> Message-ID: <02c801c7b29c$b54d1ac0$5dd810d1@e3demo>
> Content-Type: text/plain;       charset="US-ASCII"
>
> Hello everyone,
>
> Does anyone know if there is Japanese version of OpenVPN (the client)?  We
> have some users in Japan who will be connecting to our OpenVPN servers here
> in St. Louis, MO and most of them don't speak/read English.
>
> I sure would appreciate any suggestions.
>
>
> Thanks,
> --Jim
>
>
>
>
> James Miller - MCSE RHCE CISSP
> Sr Systems & Network Administrator
> Simutronics Corp.
> www.play.net
> 636.946.4263 x113
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Wed, 20 Jun 2007 02:50:16 +0800
> From: "\\dev \\null" <dsvpns@xxxxxxxxx>
> Subject: Re: [Openvpn-users] Japanese Client
> To: jimm@xxxxxxxxxxxxxxx
> Cc: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Message-ID:
>        <da61377f0706191150n386e3bd5mc8d2d3e212960a8a@xxxxxxxxxxxxxx>
> Content-Type: text/plain; charset="utf-8"
>
> Why would you need it in Japanese? Just openvpn client.conf and you're just
> about set.  Unless you mean the GUI version, in which case you could always
> pay someone to translate it for you.
>
> Btw, I do read/write japanese :)
>
> On 6/20/07, James Miller <jimm@xxxxxxxxxxxxxxx> wrote:
> >
> > Hello everyone,
> >
> > Does anyone know if there is Japanese version of OpenVPN (the client)?  We
> > have some users in Japan who will be connecting to our OpenVPN servers
> > here
> > in St. Louis, MO and most of them don't speak/read English.
> >
> > I sure would appreciate any suggestions.
> >
> >
> > Thanks,
> > --Jim
> >
> >
> >
> >
> > James Miller - MCSE RHCE CISSP
> > Sr Systems & Network Administrator
> > Simutronics Corp.
> > www.play.net
> > 636.946.4263 x113
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Openvpn-users mailing list
> > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
> >
>
>
>
> --
> ? IdealVPN  - VPN Solutions For Your Needs
> ? Unleash P2P from your streamyx connection
> ? Firewalled / In a college campus? No problem
> ? MSN : darrell@xxxxxxxxxxxxxxxx
> ? Newly added server in China for your drama needs
> ? Now accepting bulk orders
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 7
> Date: Tue, 19 Jun 2007 16:36:36 -0400
> From: Randall Nortman <openvpn-list@xxxxxxxxxxxxxxx>
> Subject: [Openvpn-users] Preventing IP Address Spoofing on TUN VPNs
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Message-ID: <20070619203636.GS956@xxxxxxxxxxxxxxxxxxxxxxxxx>
> Content-Type: text/plain; charset=us-ascii
>
> Is there anything special I need to do to prevent IPA spoofing on a
> TUN-based (routed) OpenVPN network?  I would like to use the IP
> address within the VPN subnet as a form of authentication for
> applications running on the VPN.  I still use ssh for remote shell
> access, even over the VPN, as a "belt and suspenders" measure, but
> certain applications running on the VPN are a bit less sensitive than
> remote shell access.  For those applications, I'd like to just
> authenticate based on IP address, but I would still like to know that
> this is a reasonably reliable method of authentication.
>
> In case what I'm asking isn't clear: I have a network of machines on
> the VPN, each given a static IP address (via files in the client
> configuration directory) based on the client's common name.  Can
> client A trust that when it accepts a connection from client B's
> allocated IP address, and that is actually client B?  And can client B
> conversely trust that when it opens a connection to client A's
> allocated IP address that it is actually talking to client A?  Does
> this apply equally to UDP and TCP traffic?
>
> Put another way, will the server accept packets from a client with a
> source IPA that doesn't match that client's allocated IPA, assuming I
> haven't told the server that the client is a router for another subnet
> (e.g., with the iroute configuration option).
>
> TIA,
>
> Randall
>
>
>
> ------------------------------
>
> Message: 8
> Date: Tue, 19 Jun 2007 17:22:29 -0400
> From: "Michael D. Berger" <m.d.berger@xxxxxxxx>
> Subject: [Openvpn-users] TAP blocks outward pings
> To: "OpenVpn-Users" <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
> Message-ID: <000001c7b2b7$f1943610$2801a8c0@MBRC40>
> Content-Type: text/plain;       charset="us-ascii"
>
> I set up a TAP on my Linux FC4 box, using a the scripts
> copied from http://openvpn.net/bridge.html.  After I
> execute the bridge-start script, I can no longer ping
> to anything outside the Linux box, including the router
> that serves it.  The problem persists if iptables is
> shit off.  When I run openvpn, I get failures that
> can be explained by this.
>
> Any suggestions?
>
> Thanks for your help.
>
> Mike.
> --
> Michael D. Berger
> m.d.berger@xxxxxxxx
> http://www.rosemike.net/
>
>
>
>
> ------------------------------
>
> Message: 9
> Date: Wed, 20 Jun 2007 07:03:39 +0900
> From: minu2 <minu2_munyu@xxxxxxxxxxx>
> Subject: Re: [Openvpn-users] Japanese Client
> To: openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> Message-ID: <20070620070328.5DFF.MINU2_MUNYU@xxxxxxxxxxx>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello.
>
> I make "openvpn-gui-ja.rc".
> But, I don't translate error message and some message.
>
> Becouse, It isn't used so much :)
>
> On Tue, 19 Jun 2007 13:07:32 -0500
> "James Miller" <jimm@xxxxxxxxxxxxxxx> wrote:
>
> > Hello everyone,
> >
> > Does anyone know if there is Japanese version of OpenVPN (the client)?  We
> > have some users in Japan who will be connecting to our OpenVPN servers here
> > in St. Louis, MO and most of them don't speak/read English.
> >
> > I sure would appreciate any suggestions.
> >
> >
> > Thanks,
> > --Jim
> >
> >
> >
> >
> > James Miller - MCSE RHCE CISSP
> > Sr Systems & Network Administrator
> > Simutronics Corp.
> > www.play.net
> > 636.946.4263 x113
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Openvpn-users mailing list
> > Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> > https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
> --
> minu2 <minu2_munyu@xxxxxxxxxxx>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: openvpn-gui-ja.rc
> Type: application/octet-stream
> Size: 19914 bytes
> Desc: not available
>
> ------------------------------
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
>
> ------------------------------______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users