Am 09.04.14 10:32, schrieb Илья Шипицин: > I used to think that client without "nobind" option binds to 1194/udp > (we encountered that issue with multiple openvpn connection on the > same machine), so, "nobind" tells openvpn instance not to bind to > udp/1194, and so, only openvpn server can exploit heartbleed > vulnerability, but not any attacker. > Yes the server can attack you. Or any man in the middle attack including ARP spoofing/DNS spoofing etc.
If you see nobind that as protection basically you don't need a VPN. Arne
signature.asc
Description: OpenPGP digital signature
