-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Sent with ProtonMail Secure Email. ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Saturday, 3 April 2021 01:24, tincantech via Openvpn-users <openvpn-users@lists.sourceforge.net> wrote: > Sent with ProtonMail Secure Email. > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ > On Saturday, 3 April 2021 01:12, Selva Nair selva.n...@gmail.com wrote: > > > Hi, > > > > > If I distribute my VPN client as a Zip file then what ever name I give the > > > VPN config file, I will obviously make the batch file the same. > > > > > > - provider.ovpn > > > - provider_up.bat > > > This is certainly not a difficult hurdle to side-step. > > > > > > > > > > It's easy for an unsuspecting user to "import" a config file downloaded > > > > from somewhere, but to get the batch file into the right location they > > > > have to deliberately copy it there. One can say that we treat that > > > > action as equivalent to "--script-security 2". > > > > See Zip above.. > > > > Unsuspecting users is exactly who I thought the OpenVPN wanted to > > > > protect. > > > > What I meant was the import menu in the GUI will not import a zip > > file, only the .ovpn. When we add a smarter import option we'll have > > to warn the user about > > such scripts. > > Also, I'm all for patches to improve --script-security handling as > > well as for controlling scripts run by the GUI. I had tried but found > > it to be beyond my foo to come with a decent way to do this. > > Selva > > Yes, I do understand. > > It is a complicated "cat and mouse" game which is never > going to be totally resolved. > One of the things which I did find to be a surprise was: I did not have to change any settings in the GUI to allow executing this script. I have installed 2.5.1 over 2.5.0 over 2.4.x Is it worth considering that running an external script MUST ALWAYS be enabled/re-enabled upon installation ? Considering how awkward openvpn-install*.* is with regard to Easy-RSA-3, it seems to me that FORCING user to enable running external scripts EVERY time is not such a big deal. Food for thought .. -- Thanks R -----BEGIN PGP SIGNATURE----- Version: ProtonMail wsBzBAEBCAAGBQJgZ9NvACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec 9muQuJ1QTgf7BvHVyMEBSS98qFGd2Iy3ndjD7dpMbyMQl7LskDwZs+szA0ey Ju0p1l62ynZ+RZcXO+FYaKMSvzaL9xKkAewibBzAToMUWxykxCIgeGkechCc ll37It93ijxi9vLS+i8WFT4TbBl9+7ICeQ05HrsO4fkI/c2BkpFd0B7dR4WA mcoExJC822H/Opvx/Ok9dyloubJhxNfqNN+J6WmGdeWkSfzT7sQQctSOt4qi QKWm02GRW1ucnOgZJFJ4Qd0mhpksyfLxUuVDl5s08dncnlX/ARqtAS15bze+ oNgqu5gXghWWF/h3c8LBNpN38iVRbpCyJ2QJL+hrCuCfbkP1C4dWwQ== =00Wo -----END PGP SIGNATURE-----
publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys
publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
