On 06/08/17 10:35, Yevgeny Kosarzhevsky wrote:
> OpenVPN without encryption or with weak encryption using '--auth none
> --no-iv --no-replay' is still a great tool for tunneling traffic over UDP
> protocol.

Fair enough, I've learnt that there are some scenarios which can benefit
from this.

> IPIP, L2TP or other known tunneling solutions may be blocked
> in certain countries. This is the reason I would vote to keep the no-iv
> option in the upcoming 2.5 release.

The --no-iv option will be removed in v2.5. That is not up for discussion,
and in accordance with the recommendation by *two recent security audits*.

<https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results/>
<https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/>

Perhaps it is much more advisable to look at similar other projects to do
insecure virtual networking (unencrypted tunnels). After all, the P in VPN
is about "Private" - and OpenVPN is first and foremost a VPN solution -
which depends heavily on the P. We cannot sacrifice the security aspect
purely on the cost of convenience.

-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
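
A pre-upgrade check for the options named in this thread, added here as an example (not code from the OpenVPN project or from either poster): it scans an OpenVPN config for directives that switch off data-channel protection. The function name, the constructed sample config and the `cipher none` entry are assumptions not taken from the thread.

```python
import shlex

# directive -> (argument that triggers a finding, or None for any use; note)
WEAK = {
    "no-iv": (None, "to be removed in v2.5 according to the thread"),
    "no-replay": (None, "turns off replay protection"),
    "auth": ("none", "turns off packet authentication"),
    "cipher": ("none", "turns off encryption (assumption: not named in thread)"),
}

def audit_config(text):
    """Return (line_number, directive, note) for each weakening directive."""
    findings = []
    inline_end = None  # closing tag of an inline <ca>/<key>/... block being skipped
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if inline_end:
            if line == inline_end:
                inline_end = None
            continue
        if not line or line[0] in "#;":  # blank line or whole-line comment
            continue
        if line.startswith("<") and line.endswith(">") and not line.startswith("</"):
            inline_end = "</" + line[1:]  # embedded PEM data is not directives
            continue
        try:
            tokens = shlex.split(line, comments=True)  # honours quotes, trailing '#'
        except ValueError:  # unbalanced quote: fall back to whitespace split
            tokens = line.split()
        if not tokens:
            continue
        name = tokens[0].lstrip("-")  # also accept the command-line '--' form
        if name in WEAK:
            trigger, note = WEAK[name]
            args = tokens[1:2]
            if trigger is None or (args and args[0].lower() == trigger):
                findings.append((lineno, " ".join([name] + args), note))
    return findings

# Constructed sample config, not taken from the thread.
SAMPLE = """# constructed sample
dev tun
proto udp
remote vpn.example.net 1194
auth none
cipher AES-256-GCM
;no-replay
no-iv
<ca>
auth none
</ca>
"""

if __name__ == "__main__":
    for lineno, directive, note in audit_config(SAMPLE):
        print(f"line {lineno}: {directive}: {note}")
```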