Although it is well-known that pptp is not secure and is subject to many forms of attacks, the reality is that a lot of legacy and embedded devices use pptp. I argue that if it is being used for routing or remote access or over an already secure connection (eg. another VPN like ikev2) then this is still acceptable. Or in a LANor in a public environment where no private data is exchanged. However, if the nature of the data is extremely sensitive, you should do whatever........

The Best Docker Tutorial for Beginners We quickly explain the basic Docker concepts and show you how to do the most common tasks from starting your first container, to making custom images, a Docker Swarm Cluster Tutorial, docker compose and Docker buildfiles.........

Why choose OpenVPN instead of a firewall appliance? OpenVPN can be a reliable and easy replacement for traditional hardware or just be an additional tool that your company uses so that the firewall can focus on its job rather than acting as a VPNappliance at the same time. When comparing OpenVPN with traditional firewal........

Starting with newer versions of OpenVPN Ibelieve 2.2+ you need to have "script-security 3" set or you can't execute a third party script. Prior to that you could also use the auth-user-pass-verify like this: auth-user-pass-verify ./validate.pl "$username $password $ip" via-env Options error: the --auth-user-pass-verify directive should have at most 2 parameters. To pass a list of arguments as one of the paramete........

This basically means that you are running as non-root and you need to be root to create the tun0 or tap0 device on OpenVPN. You could try sudo or adding the openvpn binary to the list of sudoers.........

Sometimes if you have a very basic configuration OpenVPN on the client side for some reason sends all traffic to the OpenVPN server IP through the tun0 which is of course impossible and creates a block or routing loop. This is because you need to use your normal ISP/LANgateway to hit the OpenVPN server if it is remote/offsite as is usually the case. So if you are connected to the OpenVPN through say a tun0 device and your routing is set to connect to the OpenVPN&nbs........

I have never had this error on Linux and this is running FreeBSD as root: Wed Aug 9 04:29:34 2017 us=329050 Cannot allocate TUN/TAP dev dynamically Wed Aug 9 04:29:34 2017 us=329832 Exiting due to fatal error The Solution you need a kernel module that is for some reason not automatically loaded like Linux: kldload if_tap........

I have never had this error on Linux and this is running FreeBSD as root: Wed Aug 9 04:29:34 2017 us=329050 Cannot allocate TUN/TAP dev dynamically Wed Aug 9 04:29:34 2017 us=329832 Exiting due to fatal error The Solution You need a kernel module that is for some reason not automatically loaded like Linux: kldload if_tap........

openvpn 2.3.10-1.el6 issues in the .conf auth-user-pass-verify "passwordcheck $username $password $untrusted_ip" via-env auth-env does not work correctly in OpenVPN 2.3: Sat Apr 23 02:30:22 2016 - $username - $untrusted_ip - login failure But OpenVPN 2.2 does work as expected. It could be that the specified script automatically receive........

The following assumes the computer is local/physical to you and/or it always has a LANIP so it can be accessed on site without having a default gateway. The key to this is not to set a default gateway for your computer or you can set a script on boot or other time to delete the gateway (where eth0 is the NIC you are using): route del default eth0 50.80.20.2 is the VPN server you connect to 192.168.1.1 is your........

I never did get it working, it is too bad as obfsproxy should really be an option and integrated into the OpenVPN client and server or something similar: yum -y install python-pip python-devel No package python-pip available. #install the EPEL repo python-pip install obfsproxy python-pip install obfsproxy -bash: python-pip: command not found pip install obfsproxy &........

What matters most about VPNproviders in 2024? We are highly suspicious of VERYLARGE VPN providers that have LOW PRICES and HUGE DISCOUNTS. The suspicion is that for those who know what costs are involved to purchase thousands of IPs and servers are not small. At the prices that many of the big mainstream providers offer, it is likely unprofitable or barely profitable. Then, how are those companies making money or is that even the goal? There use........

This can happen when you install RPMForge or other repos with the wrong architecture and here's how you fix it (simply uninstalling won't usually fix it): solution yum clean all yum -y install openvpn Loaded plugins: fastestmirror, presto Loading mirror speeds from cached hostfile * base: mirror.its.sfu.ca * extras: centos.mirror.nexicom.net * rpmforge: mirror.cpsc.ucalgary.ca * up........

Cannot load certificate file keys/server.crt: error:0906D06C:PEM The .crt is blank empty because when generating it I kept hitting enter for the defaults and this caused the crt not to be signed. Certificate is to be certified until Dec 18 00:35:49 2022 GMT (3650 days) Sign the certificate? [y/n]:y 1 out of 1 certificate requests certified, commit? [y/n]y So if you get messages like these, a........

I used the suggested script to bridge from OpenVPN and it took my client's server off-line! Don't ever use their "sample" scripts if you don't have another way of accessing the server than SSH. I actually found it easier to use iptables to tell it to route IPs based on a certain subnet to route through eth0: iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE Replace "192.168.200.0/24" with your subnet of cour........

Make sure the module "tun" is loaded on the host. vzctl set 2000 --devnodes net/tun:rw --save *Note what's below is what OpenVZ says you need (but I've never had to do it) vzctl exec 2000 mkdir -p /dev/net vzctl exec 2000 mknod /dev/net/tun c 10 200 vzctl exec 2000 chmod 600 /dev/net/tun On the container test the device: when Something is wrong:........

Jan 16 04:02:03 centosbox syslogd 1.4.1: restart. Jan 16 04:07:34 centosbox kernel: INFO: task updatedb:20771 blocked for more than 300 seconds. Jan 16 04:07:34 centosbox kernel: "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. Jan 16 04:07:34 centosbox kernel: updatedb D F78BE050 6476 20771 20766&n........