Thank you James. I reached the same conclusion myself. I've been working on it since early this morning.
This means that most consumer VPN services are at least vulnerable to getting their private TLS key stolen, and also usernames, passwords, session keys and so on. As you pointed out, tls-auth is irrelevant if the attacker knows the key, which is the case for consumer VPNs. When can we expect a new version for Windows to be released? / Fredrik ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
