Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

From: Samuli Seppänen Sent: Wed May 13 15:07:03 CEST 2015 To: Lisa Minogue , , Jonathan K. Bullard Subject: Re: [Openvpn-devel] Request peer review of modified OpenVPN client software The obfuscation guide you linked to does not have official

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

> > From: Samuli Seppänen > Sent: Wed May 13 15:07:03 CEST 2015 > To: Lisa Minogue , , > Jonathan K. Bullard > Subject: Re: [Openvpn-devel] Request peer review of modified OpenVPN client > software > > The obfuscation guide

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

Do OpenVPN developers have an official wiki on how to use obfsproxy with OpenVPN? Or is the article referenced by the following URL--https://community.openvpn.net/openvpn/wiki/TrafficObfuscation--your official guide? The obfuscation guide you linked to does not have official blessing from

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

On 13/05/15 02:05, Lisa Minogue wrote: > Hi David > >> From: David Sommerseth >> Sent: Tue May 12 23:07:52 CEST 2015 >> To: Lisa Minogue , Jonathan K. Bullard >> >> Subject: Re: [Openvpn-devel] Request peer review of modified OpenVPN client >>

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

Hi David > From: David Sommerseth > Sent: Tue May 12 23:07:52 CEST 2015 > To: Lisa Minogue , Jonathan K. Bullard > Subject: Re: [Openvpn-devel] Request peer review of modified OpenVPN client > software > > So if there are issues in stunnel, try asking that community i

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

On 12/05/15 16:41, Lisa Minogue wrote: >> "Jonathan K. Bullard" wrote: >> >> The openvpn_xorpatch which as introduced and discussed in this thread does >> have some vulnerabilities. >> >> Most of the vulnerabilities are null pointer dereferences or other errors >> when parsing the "scramble" opt

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

> "Jonathan K. Bullard" wrote: > > The openvpn_xorpatch which as introduced and discussed in this thread does > have some vulnerabilities. > > Most of the vulnerabilities are null pointer dereferences or other errors > when parsing the "scramble" option or are triggered by unlikely values for >

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

On Tue, May 12, 2015 at 7:27 AM, Lisa Minogue wrote: > Can I conclude from your above statements that applying obfuscation > patches to the standard OpenVPN client software may actually introduce > security vulnerabilities? > The openvpn_xorpatch

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

Am 12.05.15 um 13:27 schrieb Lisa Minogue: >> Arne Schwabe wrote: >> >> It has probably some obfuscation/encryption patches applied. There is no >> official obfuscation capability in OpenVPN yet since the core OpenVPN >> developers believe that such a mechansim should be either implemented in

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

> Arne Schwabe wrote: > > It has probably some obfuscation/encryption patches applied. There is no > official obfuscation capability in OpenVPN yet since the core OpenVPN > developers believe that such a mechansim should be either implemented in a > plugin or other way (e.g., a proxy) that is f

Re: [Openvpn-devel] Request peer review of modified OpenVPN client software

Am 12.05.15 um 09:59 schrieb Lisa Minogue: > Hi guys, > > I obtained a modified OpenVPN client software from a friend and wonder if any > of you would like to help review it for security vulnerabilities, design > flaws, incorrect implemention of code, etc... > > To the best of my knowledge, mod