On 17.07.20 at 19:10, David Sommerseth wrote:
> The --no-replay feature is considered to be a security weakness, which
> was also highlighted during the OpenVPN 2.4 security audit [0]. This
> option was added to the DeprecatedOptions[1] list and has been reported
> as deprecated since OpenVPN 2.4.

As a side note, removing this feature weakens the ability to use OpenVPN as a pure tunnel without crypto (--auth none, --cipher none and no-replay) since this removes the ability to disable replay protection when no authentication is enabled. (Replay protection without auth is silly as an attacker can just fake the replay id too.)

Acked-By: Arne Schwabe
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
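
The point made in the reply above, that a replay window only means something when the packet ID is covered by authentication, as an added example that is not part of the original mail and is not OpenVPN's code. The packet layout, the 64-entry window and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 64  # constructed window size, not OpenVPN's value

class ReplayWindow:
    def __init__(self):
        self.highest, self.seen = 0, set()

    def accept(self, pid):
        if pid + WINDOW <= self.highest or pid in self.seen:
            return False  # too old, or already received
        self.seen.add(pid)
        self.highest = max(self.highest, pid)
        self.seen = {p for p in self.seen if p + WINDOW > self.highest}
        return True

def seal(key, pid, payload):
    # Hypothetical layout: [HMAC tag] || packet_id || payload; no tag without a key.
    body = struct.pack(">I", pid) + payload
    return (hmac.new(key, body, hashlib.sha256).digest() if key else b"") + body

def receive(key, window, packet):
    # Returns the payload if the packet is accepted, else None.
    body = packet
    if key:
        tag, body = packet[:32], packet[32:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # packet ID or payload was altered in transit
    if len(body) < 4:
        return None
    (pid,) = struct.unpack(">I", body[:4])
    return body[4:] if window.accept(pid) else None

def replay_outcomes(key):
    # Deliver once, replay verbatim, then replay with the ID field rewritten.
    window, tag_len = ReplayWindow(), (32 if key else 0)
    original = seal(key, 1, b"constructed payload")
    renumbered = original[:tag_len] + struct.pack(">I", 2) + original[tag_len + 4:]
    return [receive(key, window, p) is not None
            for p in (original, original, renumbered)]

if __name__ == "__main__":
    print("auth on :", replay_outcomes(b"k" * 32))
    print("auth off:", replay_outcomes(b""))
```

With a key, both the verbatim and the renumbered copy are rejected; without one, the window stops only the verbatim copy, which is why the check adds nothing when authentication is disabled.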