> "Jonathan K. Bullard" <jkbull...@gmail.com> wrote:
> > The openvpn_xorpatch which was introduced and discussed in this thread does
> > have some vulnerabilities.
> >
> > Most of the vulnerabilities are null pointer dereferences or other errors
> > when parsing the "scramble" option or are triggered by unlikely values for
> > its parameters. However, one is a potential buffer overflow
> > which can occur while the VPN is active and could potentially be triggered by
> > carefully constructed traffic.

Thanks Jonathan for your feedback. I've a different question for you.

What about using stunnel4 with OpenVPN?

I've seen a situation in which a user opens a stunnel4 connection in Linux (without root) as in the following:

    stunnel filename.ssl

In a new terminal window, the user, as root, types the following command to connect to an OpenVPN server:

    sudo openvpn filename.ovpn

I was told the above method achieves the same goal as using the OpenVPN_XOR-patch method, i.e. preventing deep packet inspection carried out by the Great Firewall.

But does the stunnel4+openvpn combo method have security vulnerabilities? (Last I checked, stunnel4 is available in many Linux distros.)

Regards.

Lisa