On 06/08/17 10:35, Yevgeny Kosarzhevsky wrote:
> OpenVPN without encryption or with weak encryption using '--auth none
> --no-iv --no-replay' is still great tool for tunneling traffic over UDP
> protocol.

Fair enough, I've learnt that there are some scenarios which can benefit
from this.

> IPIP, L2TP or other known tunneling solutions may be blocked
> in certain countries. This is the reason I would vote to keep no-iv
> option in upcoming 2.5 release.

The --no-iv option will be removed in v2.5.  That is not up for
discussion, and in accordance with recommendation by *two recent
security audits*.


Perhaps it is much more advisable to look at similar other projects to
do insecure virtual networking (unencrypted tunnels).  After all, the P
in VPN is about "Private" - and OpenVPN is first and foremost a VPN
solution - which depends heavily on the P.  We cannot sacrifice the
security aspect purely on the cost of convenience.

kind regards,

David Sommerseth
OpenVPN Technologies, Inc

Attachment: signature.asc
Description: OpenPGP digital signature

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Openvpn-users mailing list

Reply via email to