May I ask a more generic question about the implementation of the interactive service?
So I understand that the patch allows clients to instruct the service to modify the routing table. In short, it allows ordinary users (since any program could impersonate the openvpn client) to modify the routing table. Is this a good idea?

Imagine a rogue MITM client that somehow got onto a user's PC. It then uses the Interactive Service to divert all traffic to a C&C server. Now all Internet traffic can be eavesdropped upon.

Wouldn't it be better, as debbie10t suggested, to restrict ordinary users to only the VPN configurations that are permitted by the administrator?

Daniel

On Fri, Feb 5, 2016 at 2:57 AM, Steffan Karger <stef...@karger.me> wrote:
> On Thu, Feb 4, 2016 at 4:40 PM, Selva Nair <selva.n...@gmail.com> wrote:
> > On Thu, Feb 4, 2016 at 4:38 AM, Gert Doering <g...@greenie.muc.de> wrote:
> >> Thanks. I take this as an ACK from you for the service change, and
> >> Arne's mail as an ACK for the openvpn side, and merge it tonight.
> >>
> >> Then we can go about improving things further (... while we wait for
> >> the other large 2.4 feature to fully show up, AEAD...)
> >
> > Sounds good!
>
> Yes, I think the same. I also briefly looked at the openvpn bits, and
> those look good to me too. I did not check the openvpnserv bits, but
> I think Selva has that covered (and more experience).
>
> -Steffan