Am 12.05.15 um 09:59 schrieb Lisa Minogue: > Hi guys, > > I obtained a modified OpenVPN client software from a friend and wonder if any > of you would like to help review it for security vulnerabilities, design > flaws, incorrect implemention of code, etc... > > To the best of my knowledge, modifications include the ability to provide > obfuscation and avoid deep packet inspection by the Great Firewall. > > The URLs to download the two relevant files are: > > http://www.datafilehost.com/d/b85faf74 > > http://www.datafilehost.com/d/930732b4 > > Thanks in advance. > I only took a very brief look: What you gave use is some modified source code archive that contains some modified OpenVPN source (2.3_git as version). While most of us developers /could /probably find out which version that source code is and try to see what the changes our motivatation to do so is very minimal. We focus on working on the main source code and review patches for that version.
It has probably some obfuscation/encryption patches applied. There is no official obfuscation capability in OpenVPN yet since the core OpenVPN developers believe that such a mechansim should be either implemented in a plugin or other way (e.g., a proxy) that is flexible enough to change the mechanism. Arne
