That is a very good idea and could help prevent some misinterpretations of the
tool's results.
Thank you very much!
17. Aug 2017 14:05 by openvpn-users-requ...@lists.sourceforge.net:
> Message: 1
> Date: Wed, 16 Aug 2017 19:00:07 -0400
> From: Marty G <martygaly...@gmail.com>
> To: openvpn-users@lists.sourceforge.net
> Subject: Re: [Openvpn-users] OpenVPN security rating tool
> Message-ID: <89cb1a90-7e0e-7689-03f3-6da1a5a7e...@gmail.com>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> For "a", one could limit it to the current openvpn version in the script
> and print a warning about the script being out of date and possibly
> dangerous if the openvpn version is higher?
>
>
> On 08/16/2017 03:10 AM, open...@keemail.me wrote:
>>
>> Thank you for the feedback!
>>
>> a)
>> You're absolutely right, once the tool is not maintained anymore, it
>> could give a false sense of security and therefore do more harm than
>> good. I'll do my best to keep it up-to-date. I'm also going to open-source
>> it on github, therefore any user suggestions will be taken into
>> consideration.
>>
>> It will not be an online tool for now, although I've considered the
>> option. I've planned to release the tool via github, for anyone to
>> download and use it anywhere they want - as some servers may not be
>> publicly accessible. Depending on the usage of the tool, an online
>> service would also make sense. However, with the online service, I
>> want the user data to be handled in a privacy-respecting manner,
>> so that will require some more work.
>>
>> b)
>> Precisely. The tool cannot decide such situation-dependent options.
>> Many of these I've implemented as informative text, with an
>> explanation of what the option does exactly (e.g. --client-to-client,
>> which may be a threat or may be very much intended). Other
>> cryptography based options (e.g. --cipher or --tls-cipher) may also be
>> deliberately configured in a less secure manner, to achieve a better
>> compatibility with older devices. The user will be informed about the
>> less secure options (with information about the compatibility
>> trade-off), but in the end the user has to decide what is right for
>> their specific setup.
>>
>> Kind regards
>>
>>
>> 16. Aug 2017 08:43 by a...@unstable.cc <mailto:a...@unstable.cc>:
>>
>> Hello,
>>
>> On 16/08/17 14:21, open...@keemail.me <mailto:open...@keemail.me> wrote:
>>
>> Hello,
>>
>> I've developed a Python script to grade OpenVPN server
>> configurations considering the security.
>> The tool mainly focuses on: auth, cipher, tls-cipher, prng,
>> tls-auth, tls-version-min/max, no-replay, no-iv, key-method,
>> ncp-ciphers, ncp-disable, tls-crypt and key-direction.
>>
>> The result is a grade between F and A+ and suggestions on how
>> to enhance the security of the OpenVPN setup.
>>
>> I've tested it with various OpenVPN server configurations I
>> found online, but I would like to gather some feedback from
>> the community and update the tool accordingly, before
>> releasing it.
>>
>> This tool is intended for server operators, but I'm about to
>> complete a second tool, intended for OpenVPN users.
>>
>> The goal is to help operators to enhance the security of their
>> OpenVPN servers and to help users determine the security of
>> the server they're using.
>>
>> If you're interested in testing the tool and would like to
>> provide some valuable feedback, or have any other questions
>> about the project, please contact me.
>>
>>
>>
>> I am no expert here, but my personal opinion is that such a tool
>> can be a bit dangerous. Here are some thoughts that just came to my mind:
>>
>> a) you have to be sure you keep it up to date, because a good option X
>> today, might become a bad option tomorrow (i.e. due to a bug being
>> found). Is the tool an online tool? Otherwise this means that people
>> having different versions might get different results (due to the
>> previous point). Without talking about when the tool won't be
>> maintained anymore (like what happens today with thousands of outdated
>> openvpn resources online)
>>
>> b) certain options can be good or bad depending on the situation/setup
>> and I doubt the tool can take that into account, although I guess you
>> can lean towards a "safer" or "stricter" ranking approach...
>>
>>
>> Anyway, this is just my opinion :) I might be wrong here, therefore
>> don't be torn down by my statements.
>> For sure it's nice to see effort being put in improving the average
>> server configuration out there.
>>
>> Cheers,
>>
>>
>> Thank you and kind regards.
>>
>> --
>> Antonio Quartulli
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
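
The version check suggested for point a) and the informational handling of setup-dependent options from point b), as an added Python example. It is not the tool discussed in this thread; the rule tables, the `RULES_REVIEWED_UP_TO` value, the sample config and all function names are assumptions made for illustration.

```python
import re

# Assumption: newest OpenVPN release these sample rules were reviewed against.
RULES_REVIEWED_UP_TO = (2, 4)
# Sample rules only: option -> weak values (None means presence alone is flagged).
WEAK = {
    "cipher": {"BF-CBC", "DES-CBC", "NONE"},
    "auth": {"MD5", "NONE"},
    "no-replay": None,
    "no-iv": None,
}
# Setup-dependent options: explained to the operator, never scored.
INFORMATIONAL = {
    "client-to-client": "clients can reach each other through the server",
}
# Constructed sample server config.
SAMPLE = """\
cipher BF-CBC
auth SHA256
client-to-client  # wanted on this network
;no-replay
tls-version-min 1.2
"""


def parse_config(text):
    """Return {option: [args]}; '#' and ';' start a comment (simplified)."""
    options = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            options[name.lstrip("-")] = args
    return options


def review(config_text, openvpn_version):
    """Return (findings, notes, warnings) for one server config."""
    findings, notes, warnings = [], [], []
    if tuple(openvpn_version[:2]) > RULES_REVIEWED_UP_TO:
        warnings.append("rules predate this OpenVPN version; results may be unsafe to rely on")
    for name, args in parse_config(config_text).items():
        if name in WEAK:
            weak = WEAK[name]
            if weak is None or (args and args[0].upper() in weak):
                findings.append(" ".join([name] + args))
        elif name in INFORMATIONAL:
            notes.append(name + ": " + INFORMATIONAL[name])
    return findings, notes, warnings
```

Calling `review(SAMPLE, (2, 5, 0))` returns the same finding and note as for an older release, plus the staleness warning, so an unmaintained rule set announces itself instead of silently grading a newer server.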