Hi,

On Wed, Apr 22, 2015 at 05:25:54PM -0700, blz wrote:
> > The server will just update its "what IP/port is the client on?" table
> > entry, without restarting anything.
>
> What I'm wondering is how secure that is, such as how easily one could
> fake such a reconnect to get in on someone else's session, where they
> wouldn't even need a key? I hope this is just good ol' fashion paranoia
> on my part, but it would be nice to know. Thanks.

The server updates its table entry only if the packet's HMAC validates,
read "the client knows the key material for that particular session".

If you manage to steal *that* from another client, there are far worse
attacks (inject spoofed traffic, etc).

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
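
An added illustration, not part of the original message and not OpenVPN's own code: a simplified Python model of the check described in the reply, where the server's address table entry moves only after the packet's HMAC validates under that session's key. The packet layout (4-byte peer id, 4-byte sequence number, payload, HMAC-SHA256 tag), the names `FloatTable` and `seal`, and the sequence-number check are assumptions of this model.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag length (assumed layout, not OpenVPN's wire format)


def seal(peer_id, seq, key, payload):
    """Client side: peer id + sequence number + payload, then an HMAC over all of it."""
    body = peer_id.to_bytes(4, "big") + seq.to_bytes(4, "big") + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class FloatTable:
    """Toy model of the server's 'what IP/port is the client on?' table."""

    def __init__(self):
        self.peers = {}  # peer_id -> {"key", "addr", "last_seq"}

    def add_session(self, peer_id, key, addr):
        self.peers[peer_id] = {"key": key, "addr": addr, "last_seq": 0}

    def handle_packet(self, src_addr, packet):
        """Return the payload if accepted, else None; move the peer only after auth."""
        if len(packet) < 8 + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        peer = self.peers.get(int.from_bytes(body[:4], "big"))
        if peer is None:
            return None
        expected = hmac.new(peer["key"], body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # sender does not hold the session key: table untouched
        seq = int.from_bytes(body[4:8], "big")
        if seq <= peer["last_seq"]:
            return None  # old packet seen again (model's own check): table untouched
        peer["last_seq"] = seq
        peer["addr"] = src_addr  # authenticated, fresh packet: follow the client
        return body[8:]


if __name__ == "__main__":
    key = bytes(range(32))  # constructed session key
    table = FloatTable()
    table.add_session(7, key, ("192.0.2.10", 1194))  # constructed addresses
    print(table.handle_packet(("203.0.113.5", 4000), seal(7, 1, b"\x00" * 32, b"hi")))
    print(table.handle_packet(("198.51.100.20", 5000), seal(7, 1, key, b"hi")))
    print(table.peers[7]["addr"])
```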