On 06/08/17 10:35, Yevgeny Kosarzhevsky wrote:
> OpenVPN without encryption or with weak encryption using '--auth none
> --no-iv --no-replay' is still a great tool for tunneling traffic over UDP
> protocol.

Fair enough, I've learnt that there are some scenarios which can benefit
from this.

> IPIP, L2TP or other known tunneling solutions may be blocked
> in certain countries. This is the reason I would vote to keep the no-iv
> option in the upcoming 2.5 release.

The --no-iv option will be removed in v2.5.  That is not up for
discussion, and in accordance with recommendation by *two recent
security audits*.

<https://ostif.org/the-openvpn-2-4-0-audit-by-ostif-and-quarkslab-results/>
<https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-2-fixes-critical-issues-discovered-openvpn-audit-reports/>

Perhaps it is much more advisable to look at similar other projects to
do insecure virtual networking (unencrypted tunnels).  After all, the P
in VPN is about "Private" - and OpenVPN is first and foremost a VPN
solution - which depends heavily on the P.  We cannot sacrifice the
security aspect purely on the cost of convenience.


-- 
kind regards,

David Sommerseth
OpenVPN Technologies, Inc


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users