Sent with [ProtonMail](https://protonmail.com) Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Friday 15 March 2019 16:11, <pippin...@protonmail.com> wrote:
> Hi,
>
> Answer is here:
> https://openvpn.net/vpn-server-resources/additional-security-command-line-options/
>
> "TLS authentication (HMAC firewall)
>
> To explain the concept of TLS authentication in simpler terms, the idea here
> is to have a unique TLS key, a certificate, that is known and used by the
> server and its clients. A shared secret if you will, that will be used to
> digitally sign and verify packets in both directions. What this does is make
> it possible for the OpenVPN protocol to easily recognize if packets are truly
> VPN packets from a known VPN client, or if they are garbage packets from
> unknown sources. Every OpenVPN packet by itself contains encrypted
> information inside of it, but on top of that, the packet itself is signed
> digitally...................."
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Friday 15 March 2019 15:29, Pieter Hulshoff
> <pieter.hulsh...@technolution.nl> wrote:
>
>> Hello all,
>>
>> I was wondering why the authentication tag is transmitted before the
>> encrypted data in stead of after it (like in e.g. MACsec).
>>
>> Kind regards,
>>
>> Pieter Hulshoff
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
