Date: Tue, 20 Dec 2016 20:03:59 +0100
From: Steffan Karger
Hi,
Exactly. To reliably bypass good DPI, it is not sufficient to hide that
traffic is (Open)VPN traffic, but instead you'll need to make it look
like allowed traffic. Tunneling over stunnel (which is 'plain' TLS, so
looks very simi
Hi Jack,
On 22/12/16 13:35, jack seth wrote:
>
> Date: Tue, 20 Dec 2016 20:03:59 +0100
> From: Steffan Karger
>
> Hi,
>
>
> Exactly. To reliably bypass good DPI, it is not sufficient to hide that
> traffic is (Open)VPN traffic, but instead you'll need to make it look
> like allowed traffic. Tun
Hi,
On Sat, Dec 17, 2016 at 5:13 AM, Gert Doering wrote:
> (Main reason we can't stick to BF-CBC is that we use OTP passwords and
> with "reneg-bytes 64M" it's asking way too often for user+password...)
>
If I may ask, assuming you use username/password + OTP, how do you do
auth-user-pass-verif
Hi,
On Thu, Dec 22, 2016 at 11:26:14AM -0500, Selva Nair wrote:
> On Sat, Dec 17, 2016 at 5:13 AM, Gert Doering wrote:
>
> > (Main reason we can't stick to BF-CBC is that we use OTP passwords and
> > with "reneg-bytes 64M" it's asking way too often for user+password...)
>
> If I may ask, assumi
Hi,
Thanks for the details.
On Thu, Dec 22, 2016 at 11:40 AM, Gert Doering wrote:
> We do not use challenge (static or dynamic) today, as we did not know
> that these exist when building the system - so the user enters
> his "token + PIN" as one string into the "Password:" field, and the
> Kobi
