From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Sun, 18 Sep 2022 15:52:13 +0800
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.13.0
Subject: Re: [gentoo-user] openvpn experience, anyone?
Content-Language: en-AU
To: gentoo-user@lists.gentoo.org
From: William Kenworthy
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
X-Archives-Salt: 29ecbc9d-a112-493c-a94e-bcb6fe867c63
X-Archives-Hash: 4e24a4ce96d04c9b1e834ee5065600af

On 18/9/22 15:26, n952162 wrote:
> Hello all,
>
> I want to ssh over my openvpn connection, and I can't do it, the
> connection times out.
>
> I saw a reference to gentoo in the openvpn scripts in /etc/openvpn and
> thought maybe somebody here knows something about this.
>
> Earlier my institution recommended openconnect, and I was able to use
> ssh to log in to a host with no problem.
>
> Then, for some reason (licensing?), we were switched to openvpn, which
> works for xfreerdp but not for ssh.
>
> I don't have control over the institution's firewall (but I do have for
> the host itself)
>
> Perhaps when installing the new service, they tightened up the firewall
> rules. But maybe there's a configuration screw I can turn, or ... maybe
> a USE flag?
>
>  - - down-root : Enable the down-root plugin
>  - - examples  : Install examples, usually source code
>  - - inotify   : Enable inotify filesystem monitoring support
>  - - iproute2  : Enabled iproute2 support instead of net-tools
>  + + lz4       : Enable support for lz4 compression (as implemented in app-arch/lz4)
>  + + lzo       : Enable support for lzo compression
>  - - mbedtls   : Use mbed TLS as the backend crypto library
>  + + openssl   : Use OpenSSL as the backend crypto library
>  + + pam       : Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to
>                  arbitrarily flip
>  - - pkcs11    : Enable PKCS#11 smartcard support
>  + + plugins   : Enable the OpenVPN plugin system
>  - - systemd   : Enable use of systemd-specific libraries and features like socket
>                  activation or session tracking
>  - - test      : Enable dependencies and/or preparations necessary to run tests
>                  (usually controlled by FEATURES=test but can be toggled independently)
>
> TIA
>
>

ssh and openvpn work well together. However I am doing most of the work using my own configs - gentoo tries to be too clever with its vpn networking and I've never been able to get it to work reliably/acceptably. On some sites I have to use port 443 (https) to get through, and in extreme cases double wrap in ssl (using a mix of proxytunnel (windows host), stunnel and sslh) to disguise it's a vpn but still separate it from regular https traffic on my firewall. You will need to figure out where the ssh is getting blocked/stripped out - is openvpn your endpoint or theirs?

BillK