On 2014-05-04 19:52, Gert Doering wrote: > Hi, > > On Sun, May 04, 2014 at 08:31:21PM +0200, Pol Hallen wrote: >> Hi folks, I'm sorry if my question is trivial... >> >> My situation: 1 openvpn server, many clients over internet that uses >> openvpn >> >> My doubt is: if a client (A) exchange data from/to other client (B) >> with >> ftp protocol, another client (C) can sniff the traffic from A to B? >> if >> yes, is it clear traffic? (not crypted). > > Why should the server send data between A<->B to C? This would never > make sense, just for bandwidth reasons alone. > > (And since it does not make sense, it is not being done) > > The *server* can see your data, of course, as it is decrypting data > from > A, looking at the headers to decide who it is for, and then > re-encrypting > it when sending to B. >
I still think the OP has asked a very good question. Whilst the traffic won't physically go to C (at least for TUN networks), an answer would be great regarding whether C could de-crypt the traffic using the keys he/she has. Another thing to remember is that for TAP network, C could potentially get some of the traffic if ARP goes funny etc... Thanks ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
