NeverBehave activity https://gitlab.com/NeverBehave 2022-08-30T23:51:38Z

tag:gitlab.com,2022-08-30:2085771129 NeverBehave pushed new project branch dependabot/npm_and_yarn/moment-timezone-0.5.37 at NeverBehave / sao 2022-08-30T23:51:38Z NeverBehave NeverBehave

NeverBehave (1e9167d0) at 30 Aug 23:51

Build(deps): bump moment-timezone from 0.5.27 to 0.5.37

tag:gitlab.com,2022-01-22:1678477420 NeverBehave pushed new project branch dependabot/npm_and_yarn/node-fetch-2.6.7 at NeverBehave / sao 2022-01-22T09:45:44Z NeverBehave NeverBehave

NeverBehave (389bfd5e) at 22 Jan 09:45

Build(deps): bump node-fetch from 2.6.0 to 2.6.7

tag:gitlab.com,2021-11-04:1547420360 NeverBehave commented on merge request !273 at OpenConnect VPN projects / ocserv 2021-11-04T20:00:14Z NeverBehave NeverBehave

Hi Nikos, thanks for the fast response.

Currently we have decided to move to openvpn since we believe l2 has better control under such circumstances…

Tho I could test its behavior maybe later today.

tag:gitlab.com,2021-10-31:1538850197 NeverBehave commented on issue #430 at OpenConnect VPN projects / ocserv 2021-10-31T09:18:11Z NeverBehave NeverBehave

I have tried log=9999 but it just assigns the IP described above, with no obvious error AFAIK. I don't have the log on hand right now. Will try to reproduce and persist one later.

The case here is that we are using ocserv for multi-user IPMI access. Each user has their own /64 assigned specifically for the IPMI. However, since the vlan interface is different from the dynamic one, NDP is required for neighbor discovery. While systemd-networkd requires specifying each IP to be proxied, I tried to predefine all possible IPs by limiting the IP range to a small scope and generating rules for it. Then I found this strange behavior.

The NDP proxy may also be set up by using on-connect scripts, as well as iptables, etc., but in my case I could only predefine these rules (env limitation), so I set an explicit IP and limit clients to one for now, though I think this IP allocation behavior is a bit confusing as well.

tag:gitlab.com,2021-10-27:1532132368 NeverBehave commented on issue #430 at OpenConnect VPN projects / ocserv 2021-10-27T07:57:19Z NeverBehave NeverBehave

https://www.spinics.net/lists/openconnect/msg03817.html I found that this thread describes a situation similar to mine, so I will write down my solution here.

ping-lease seems unable to find the server IP, so I just set a fixed explicit-ipv6 here and added an NDP proxy for it.

explicit-ipv6 and explicit-ipv4 basically mean that when a client connects, it will use this IP instead of a random IP generated by ocserv.

tag:gitlab.com,2021-10-27:1532050267 NeverBehave opened issue #430: When setting small IPv6 block (/127), Router will get the same IP as Client at OpenConnect VPN projects / ocserv 2021-10-27T07:20:17Z NeverBehave NeverBehave

Description of problem:

When setting config-per-user with ipv6-network to a small IPv6 block, the tun device will get the same IP as the client side.

Version of ocserv used:

1.1.2

Client used:

AnyConnect 4.10.01075

Distributor of ocserv

Built from release 1.1.2 from GitLab

How reproducible:

Describe the steps to reproduce the issue:

  1. ocserv.conf
      auth = "plain[passwd=/etc/ocserv/passwd]"
      tcp-port = 443
      udp-port = 443
      run-as-user = nobody
      run-as-group = nogroup
      socket-file = /run/ocserv-socket
      server-cert = /var/lib/acme/vpn.xxx.net/fullchain.pem
      server-key = /var/lib/acme/vpn.xxx.net/key.pem
      keepalive = 32400
      dpd = 90
      mobile-dpd = 1800
      switch-to-tcp-timeout = 25
      try-mtu-discovery = false
      cert-user-oid = 0.9.2342.19200300.100.1.1
      tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"
      auth-timeout = 240
      min-reauth-time = 300
      max-ban-score = 50
      ban-reset-time = 1200
      cookie-timeout = 300
      deny-roaming = false
      rekey-time = 172800
      rekey-method = ssl
      use-occtl = true
      pid-file = /run/ocserv.pid
      device = vpns
      predictable-ips = true
      default-domain = example.com
      ping-leases = false
      cisco-client-compat = true
      dtls-legacy = true
      ipv6-network = fda9:4efe:7e3b:03ea::/48
      # ipv6-subnet-prefix = 128

      config-per-user = /etc/ocserv/config-per-user/
      config-per-group = /etc/ocserv/config-per-group/

      banner = "xxxxxx"
      max-same-clients = 2
      compression = true
      no-compress-limit = 256
  1. config-per-user config neverbehave
      route = abcd:abcd:55:54::/64
      ipv6-network = abcd:abcd:55:54:a::4/127
  1. Run ocserv --foreground --pid-file /run/ocesrv.pid --config /etc/ocserv/ocserv.conf and try login

Actual results:

Both Client and Server will have IPv6 abcd:abcd:55:54:A::5 as their IP address

vpns0: flags=81<UP,POINTOPOINT,RUNNING>  mtu 1434
        inet6 fe80::20f2:be4d:32e4:88e  prefixlen 64  scopeid 0x20<link>
        inet6 2602:fc52:55:54:a::5  prefixlen 128  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7  bytes 732 (732.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Expected results:

The client should have a different IP than the router, or the connection should be refused if an IP cannot be assigned

tag:gitlab.com,2021-05-10:1253133016 NeverBehave pushed new project branch dependabot/npm_and_yarn/lodash-4.17.21 at NeverBehave / sao 2021-05-10T19:04:26Z NeverBehave NeverBehave

NeverBehave (982e2ce2) at 10 May 19:04

Build(deps): bump lodash from 4.17.15 to 4.17.21

tag:gitlab.com,2021-01-01:1051362740 NeverBehave pushed to project branch master at NeverBehave / sao 2021-01-01T21:12:06Z NeverBehave NeverBehave

NeverBehave (54604bf6) at 01 Jan 21:12

fix: musl dns issue

tag:gitlab.com,2021-01-01:1051359504 NeverBehave pushed to project branch master at NeverBehave / sao 2021-01-01T21:02:02Z NeverBehave NeverBehave

NeverBehave (ecd081ad) at 01 Jan 21:02

Update Dockerfile

tag:gitlab.com,2021-01-01:1051358147 NeverBehave pushed new project branch dependabot/npm_and_yarn/node-fetch-2.6.1 at NeverBehave / sao 2021-01-01T20:56:59Z NeverBehave NeverBehave

NeverBehave (b9e1bf86) at 01 Jan 20:56

Bump node-fetch from 2.6.0 to 2.6.1

tag:gitlab.com,2021-01-01:1051358144 NeverBehave pushed new project branch dependabot/npm_and_yarn/lodash-4.17.19 at NeverBehave / sao 2021-01-01T20:56:59Z NeverBehave NeverBehave

NeverBehave (bd47d4ff) at 01 Jan 20:56

Bump lodash from 4.17.15 to 4.17.19

tag:gitlab.com,2020-04-28:736115098 NeverBehave pushed to project branch master at Indexyz / docker-torrent-alpine 2020-04-28T07:48:12Z NeverBehave NeverBehave

NeverBehave (25997c90) at 28 Apr 07:48

Update Dockerfile with VOLUME

tag:gitlab.com,2020-04-28:736100580 NeverBehave joined project Indexyz / docker-torrent-alpine 2020-04-28T07:38:03Z NeverBehave NeverBehave