Hi Valentin,
Valentin Sawadski wrote:
Hello,
I'm looking for a way to remove any encryption or MAC from OpenVPN in
"--mode server".
Since I'm new to the OpenVPN code base my starting point right now
will be patching "options.c" to allow "--mode server" without TLS.
Will this already be enough to make it work or is TLS tightly
integrated into the workings of the mode?
Thanks for any pointers!
you don't need to run openvpn using '--mode server' at all. If you run a
poin-to-point connection like this
openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --proto udp
--cipher none --auth none
openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --proto udp
--cipher none --auth none --remote <remote host>
then you'll end up with a fully plaintext tunnel.
If you insist on using (useless) certificates and some form of "--mode
server" then I'd suggest using
--mode server --tls-cipher NONE --cipher none --auth none
this should also disable the TLS cipher as well.
IOW, no code changes should be needed at all :)
HTH,
JJK
