Re: [Openvpn-users] OpenVPN security advisories mailing list?

2020-09-18 Thread Gert Doering
Hi, On Fri, Sep 18, 2020 at 09:24:44AM +1200, openvpn wrote: > I was wondering if there is a mailing list to get notifications about > any security advisories for OpenVPN? > > I know there is a web page https://openvpn.net/security-advisories but > we were hoping to subscribe to a mailing list

[Openvpn-users] OpenVPN security advisories mailing list?

2020-09-17 Thread openvpn
Hi I was wondering if there is a mailing list to get notifications about any security advisories for OpenVPN? I know there is a web page https://openvpn.net/security-advisories but we were hoping to subscribe to a mailing list for security advisories. Regards Megan

Re: [Openvpn-users] OpenVPN security rating tool

2017-08-16 Thread Marty G
For "a", one could limit it to the current openvpn version in the script and print a warning about the script being out of date and possibly dangerous if the openvpn version is higher? On 08/16/2017 03:10 AM, open...@keemail.me wrote: Thank you for the feedback! a) You're absolutely right,

Re: [Openvpn-users] OpenVPN security rating tool

2017-08-16 Thread openvpn
Thank you for the interest. The first tool, to grade the server configuration will not be like the ssh-audit tool you mentioned. It merely parses a local configuration file and informs the user about the security of the setup and further suggestions. The second tool I'm planning to release in

Re: [Openvpn-users] OpenVPN security rating tool

2017-08-16 Thread openvpn
Thank you for the feedback! a) You're absolutely right, once the tool is not maintained anymore, it could give a false sense of security and therefore do more harm than good. I'll do my best to keep it up-to-date. I'm also to open-source it on github, therefore any user suggestions will be tak

Re: [Openvpn-users] OpenVPN security rating tool

2017-08-15 Thread Antonio Quartulli
Hello, On 16/08/17 14:21, open...@keemail.me wrote: > Hello, > > I've developed a Python script to grade OpenVPN server configurations > considering the security. > The tool mainly focuses on: auth, cipher, tls-cipher, prng, tls-auth, > tls-version-min/max, no-replay, no-iv, key-method, ncp-ci

Re: [Openvpn-users] OpenVPN security rating tool

2017-08-15 Thread Илья Шипицин
2017-08-16 11:21 GMT+05:00 : > Hello, > > I've developed a Python script to grade OpenVPN server configurations > considering the security. > The tool mainly focuses on: auth, cipher, tls-cipher, prng, tls-auth, > tls-version-min/max, no-replay, no-iv, key-method, ncp-ciphers, > ncp-disable, tls-c

[Openvpn-users] OpenVPN security rating tool

2017-08-15 Thread openvpn
Hello, I've developed a Python script to grade OpenVPN server configurations considering the security. The tool mainly focuses on: auth, cipher, tls-cipher, prng, tls-auth, tls-version-min/max, no-replay, no-iv, key-method, ncp-ciphers, ncp-disable, tls-crypt and key-direction. The result is

Re: [Openvpn-users] Openvpn security on VPS-es

2014-09-29 Thread Stephan Alz
What helped was to uninstall the app completely then reinstall it and import the new ovpn files again. Sent: Friday, September 26, 2014 at 3:05 PM From: "Steffan Karger" To: "Doug Lytle" Cc: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] Openvpn security on VP

Re: [Openvpn-users] Openvpn security on VPS-es

2014-09-26 Thread Gert Doering
Hi, as far as "admin cannot sniff on vmware or kvm" - well, if the admin controls the hypervisor, he can see all the memory of your VM, and see and control everything it does. If he really wants, he can just flip a few bytes in your virtual /etc/passwd, login as root into your VM, and sniff on t

Re: [Openvpn-users] Openvpn security on VPS-es

2014-09-26 Thread Steffan Karger
On 26 Sep 2014 07:37, "Doug Lytle" wrote: > > >> Well my problem with this additional tls-auth method is that the droid version does not support it yet: > > I don't have any problems with tls-auth using Feat-VPN on my Droid. > > http://www.featvpn.com/ Or use the original open source 'OpenVPN for

Re: [Openvpn-users] Openvpn security on VPS-es

2014-09-26 Thread Doug Lytle
>> Well my problem with this additional tls-auth method is that the droid >> version does not support it yet: I don't have any problems with tls-auth using Feat-VPN on my Droid. http://www.featvpn.com/ Doug

Re: [Openvpn-users] Openvpn security on VPS-es

2014-09-26 Thread Stephan Alz
y) regenerating all the certificates (rootca, server, clients) and replacing them on all the devices would help in this case or not.   Sent: Thursday, September 25, 2014 at 5:16 AM From: "Steffan Karger" To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] Openvpn secur

Re: [Openvpn-users] Openvpn security on VPS-es

2014-09-24 Thread Steffan Karger
Hi, On 24-09-14 11:21, David Sommerseth wrote: > On 24/09/14 10:26, David Sommerseth wrote: >> On 24/09/14 10:15, Gert Doering wrote: But to get to the point, that if I setup openvpn on my droplet and let's say an evil admin sniffing my traf

Re: [Openvpn-users] Openvpn security on VPS-es

2014-09-24 Thread David Sommerseth
On 24/09/14 10:26, David Sommerseth wrote: > On 24/09/14 10:15, Gert Doering wrote: >>> But to get to the point, that if I setup openvpn on my droplet >>> and let's say an evil admin sniffing my traffic for 3 months >>> with tcpdump then decides to de

Re: [Openvpn-users] Openvpn security on VPS-es

2014-09-24 Thread David Sommerseth
On 24/09/14 10:15, Gert Doering wrote: >> But to get to the point, that if I setup openvpn on my droplet >> and let's say an evil admin sniffing my traffic for 3 months with >> tcpdump then decides to decrypt that traffic what tools does he >> have (if

Re: [Openvpn-users] Openvpn security on VPS-es

2014-09-24 Thread David Sommerseth
On 24/09/14 09:50, Stephan Alz wrote: [...snip...] > There isn't much point of encrypting the droplet's filesystem when > the key can easily be dumped out of memory. > > But to get to the point, that if I setup openvpn on my droplet and > let's say

Re: [Openvpn-users] Openvpn security on VPS-es

2014-09-24 Thread Gert Doering
Hi, On Wed, Sep 24, 2014 at 09:50:35AM +0200, Stephan Alz wrote: > With the widespread of the cheap vps cloud services lately I wonder what > protection does openvpn offers ... well against the server administrators. If the server admin has root, he can sniff on the tun interface, or grab keys f

[Openvpn-users] Openvpn security on VPS-es

2014-09-24 Thread Stephan Alz
Hello,   With the widespread of the cheap vps cloud services lately I wonder what protection does openvpn offers ... well against the server administrators.   https://www.digitalocean.com/community/tutorials/how-to-secure-traffic-between-vps-using-openvpn   It's obvious that no virtualization tech

Re: [Openvpn-users] OpenVPN Security

2013-10-21 Thread jack seth
> Message: 2 > Date: Thu, 17 Oct 2013 17:45:34 -0400 > From: "Sumit Dahiya" > Subject: Re: [Openvpn-users] OpenVPN Security > To: > Message-ID: <000901cecb82$367ecdf0$a37c69d0$@eistech.com> > Content-Type: text/plain; charset="us-ascii" > > Th

Re: [Openvpn-users] OpenVPN Security

2013-10-18 Thread Gert Doering
Hi, On Thu, Oct 17, 2013 at 11:39:08AM -0500, Les Mikesell wrote: > On Wed, Oct 16, 2013 at 8:00 PM, Jason Haar wrote: > > On 17/10/13 10:32, Les Mikesell wrote: > >> Yes, but if someone can MTM the https ssl, why couldn't they do the > >> same for openvpn's ssl? > > > > Because the IT group resp

Re: [Openvpn-users] OpenVPN Security

2013-10-17 Thread Sumit Dahiya
iFi DNS at Starbucks (or whatever network they are on). -Original Message- From: Davide Brini [mailto:dave...@gmx.com] Sent: Thursday, October 17, 2013 4:54 AM To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] OpenVPN Security On Wed, 16 Oct 2013 22:14:39 -0400, "

Re: [Openvpn-users] OpenVPN Security

2013-10-17 Thread Les Mikesell
On Wed, Oct 16, 2013 at 8:00 PM, Jason Haar wrote: > On 17/10/13 10:32, Les Mikesell wrote: >> Yes, but if someone can MTM the https ssl, why couldn't they do the >> same for openvpn's ssl? > > Because the IT group responsible for pushing out VPN client onto laptops > wouldn't allow the entire val

Re: [Openvpn-users] OpenVPN Security

2013-10-17 Thread Davide Brini
On Wed, 16 Oct 2013 22:14:39 -0400, "Sumit Dahiya" wrote: > I agree there is no such thing as 100% security. Therefore, I am trying to > make my VPN users as less vulnerable as possible. > > If I do not use the "redirect gateway" parameter then users would be > relying on target website's SSL i

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Gert Doering
Hi, On Wed, Oct 16, 2013 at 04:32:18PM -0500, Les Mikesell wrote: > Yes, but if someone can MTM the https ssl, why couldn't they do the > same for openvpn's ssl? Is there more than the obscurity of using an > unexpected port for the traffic? And, on the flip side, if the user > is really paran

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Sumit Dahiya
ccess if I can beat those hoodlums sniffing over public WiFi. -Original Message- From: Colin Ryan [mailto:col...@caveo.ca] Sent: Wednesday, October 16, 2013 7:47 PM To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] OpenVPN Security As all security discussions go; yo

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Jason Haar
On 17/10/13 10:32, Les Mikesell wrote: > Yes, but if someone can MTM the https ssl, why couldn't they do the > same for openvpn's ssl? Because the IT group responsible for pushing out VPN client onto laptops wouldn't allow the entire validation component of SSL to be subverted. That is the fundame

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Colin Ryan
On 2013-10-16 7:30 PM, Jason Haar wrote: > On 17/10/13 10:24, Sumit Dahiya wrote: >> MITM attack is exactly why I'd like my users to go through OpenVPN. >> >> So I am hearing MITM (for general internet browsing) becomes more probable >> if my server does not use the directive "redirect-gateway def1

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Jason Haar
On 17/10/13 10:24, Sumit Dahiya wrote: > MITM attack is exactly why I'd like my users to go through OpenVPN. > > So I am hearing MITM (for general internet browsing) becomes more probable > if my server does not use the directive "redirect-gateway def1 bypass-dhcp" > vs. if it were using it, correc

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Sumit Dahiya
--- From: Jason Haar [mailto:jason_h...@trimble.com] Sent: Wednesday, October 16, 2013 4:33 PM To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] OpenVPN Security On 17/10/13 02:42, Les Mikesell wrote: > Banking transactions would normally be done over https - which uses > s

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Les Mikesell
On Wed, Oct 16, 2013 at 3:33 PM, Jason Haar wrote: > On 17/10/13 02:42, Les Mikesell wrote: >> Banking transactions would normally be done over https - which uses >> ssl. Openvpn would add another layer over the open wifi hop, but I'm >> not sure how much that adds to the security. > > For one thi

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Sumit Dahiya
Thank you, this is helpful. -Original Message- From: Jan Just Keijser [mailto:janj...@nikhef.nl] Sent: Wednesday, October 16, 2013 7:42 AM To: Sumit Dahiya Cc: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] OpenVPN Security Hi, Sumit Dahiya wrote: > >

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Jason Haar
On 17/10/13 02:42, Les Mikesell wrote: > Banking transactions would normally be done over https - which uses > ssl. Openvpn would add another layer over the open wifi hop, but I'm > not sure how much that adds to the security. For one thing it stops MITM attacks. Most people are naive and if they

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Les Mikesell
On Wed, Oct 16, 2013 at 6:42 AM, Jan Just Keijser wrote: > Hi, > >> >> 2. My understanding is if we do NOT use the push "redirect-gateway >> def1 bypass-dhcp" directive in our server.config file then clients’ >> *general* browsing data will not pass through OpenVPN server. Also, if >> I connect to

Re: [Openvpn-users] OpenVPN Security

2013-10-16 Thread Jan Just Keijser
Hi, Sumit Dahiya wrote: > > Hi All, > > Can you please help with following questions: - > > 1. We have successfully configured an OpenVPN server and have created > cert/key pairs for a handful of clients using OpenSSL. Now, we’d like > to establish secure and encrypted connection between OpenVPN

[Openvpn-users] OpenVPN Security

2013-10-15 Thread Sumit Dahiya
Hi All, Can you please help with following questions: - 1. We have successfully configured an OpenVPN server and have created cert/key pairs for a handful of clients using OpenSSL. Now, we'd like to establish secure and encrypted connection between OpenVPN clients and the server. The questi