Hello,

On 16/08/17 14:21, open...@keemail.me wrote:
> Hello,
> 
> I've developed a Python script to grade OpenVPN server configurations 
> considering the security. 
> The tool mainly focuses on: auth, cipher, tls-cipher, prng, tls-auth, 
> tls-version-min/max, no-replay, no-iv, key-method, ncp-ciphers, ncp-disable, 
> tls-crypt and key-direction.
> 
> The result is a grade between F and A+ and suggestions on how to enhance the 
> security of the OpenVPN setup.
> 
> I've tested it with various OpenVPN server configurations I found online, 
> but I would like to gather some feedback from the community and update the 
> tool accordingly, before releasing it.
> 
> This tool is intended for server operators, but I'm about to complete a 
> second tool, intended for OpenVPN users.
> 
> The goal is to help operators to enhance the security of their OpenVPN 
> servers and to help users determine the security of the server they're using.
> 
> If you're interested in testing the tool and would like to provide some 
> valuable feedback, or have any other questions about the project, please 
> contact me.


I am no expert here, but my personal opinion is that such a tool can be
a bit dangerous. Here are some thoughts that just came to my mind:

a) you have to be sure you keep it up to date, because a good option X
today, might become a bad option tomorrow (i.e. due to a bug being
found). Is the tool an online tool? Otherwise this means that people
having different versions might get different results (due to the
previous point). Without talking about when the tool won't be maintained
anymore (like what happens today with thousands of outdated OpenVPN
resources online).

b) certain options can be good or bad depending on the situation/setup
and I doubt the tool can take that into account, although I guess you
can lean towards a "safer" or "stricter" ranking approach...


Anyway, this is just my opinion :) I might be wrong here, therefore
don't be torn down by my statements.
For sure it's nice to see effort being put in improving the average
server configuration out there.

Cheers,


> 
> Thank you and kind regards.
> 
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
> 

-- 
Antonio Quartulli
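
The two concerns raised in this reply, sketched as an added example that is not part of the thread and is not the announced tool's code: every audit result carries the date its rules were last reviewed and a staleness flag (point a), and context-dependent checks run only under a stricter profile (point b). The rule set, `RULESET_DATE`, `MAX_AGE_DAYS` and the sample configuration are constructed assumptions.

```python
import datetime

# Constructed rules for illustration only; not the rules of the tool in the thread.
RULESET_DATE = datetime.date(2017, 8, 16)  # assumed date of last rule review
MAX_AGE_DAYS = 180                         # assumed staleness threshold
WEAK_CIPHERS = {"BF-CBC", "DES-EDE3-CBC", "CAST5-CBC"}  # 64-bit block ciphers

def parse_config(text):
    """Map each directive to its argument list; skips blank and comment lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        opts[name.lstrip("-")] = args
    return opts

def audit(text, today, strict=False):
    """Return findings stamped with the ruleset date, so results are comparable."""
    opts = parse_config(text)
    findings = []
    for flag in ("no-replay", "no-iv"):
        if flag in opts:
            findings.append(flag + ": disables a data-channel protection")
    cipher = (opts.get("cipher") or [""])[0].upper()
    if cipher in WEAK_CIPHERS:
        findings.append("cipher: " + cipher + " uses a 64-bit block")
    if (opts.get("auth") or [""])[0].upper() == "MD5":
        findings.append("auth: MD5 is a legacy digest")
    if strict:  # point (b): only the stricter profile requires these
        if "tls-crypt" not in opts and "tls-auth" not in opts:
            findings.append("no tls-auth/tls-crypt control-channel key")
        # Assumption: an absent tls-version-min is treated as 1.0.
        if (opts.get("tls-version-min") or ["1.0"])[0] < "1.2":
            findings.append("tls-version-min below 1.2")
    return {
        "ruleset_date": RULESET_DATE.isoformat(),
        "stale": (today - RULESET_DATE).days > MAX_AGE_DAYS,  # point (a)
        "findings": findings,
    }

SAMPLE = """# constructed sample server config
cipher BF-CBC
auth SHA256
no-replay
"""

if __name__ == "__main__":
    print(audit(SAMPLE, datetime.date.today()))
```

A report marked `stale` should be read as "these rules may no longer reflect current guidance", not as a pass.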