Re: [Openvpn-devel] OpenVPN Management Interface

2012-03-08 Thread Carsten Krüger
Hallo David, > However, how will this approach make sure that malware don't use such a > (new) openvpn service to redirect all Internet traffic via a third-party > which can analyse everything happening? A malware on openvpn endpoint can analyse all decrypted traffic. No need to redirect. If you

Re: [Openvpn-devel] OpenVPN Management Interface

2012-03-07 Thread michael-dev
Hi, On Wed, 07 Mar 2012 09:00:04 +1300, Jason Haar wrote: Your comments on rogue servers is certainly worth discussing too. What can a rogue openvpn server push back to a client? Routes obviously - but other than screwing the client, is there any new risk? if you expect the server to be

Re: [Openvpn-devel] OpenVPN Management Interface

2012-03-06 Thread Jason Haar
On 07/03/12 07:55, Alon Bar-Lev wrote: > 1. Multi user computer - we need to make sure one user cannot use > another user credentials and not effect the other users. With changes > I suggested there is full solution for this. Is that really a risk worth solving? I mean, does *anyone*, *anywhere*

Re: [Openvpn-devel] OpenVPN Management Interface

2012-03-06 Thread Alon Bar-Lev
On Tue, Mar 6, 2012 at 8:41 PM, David Sommerseth wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 06/03/12 19:26, Alon Bar-Lev wrote: >> On Tue, Mar 6, 2012 at 7:42 PM, Russell Morris >> wrote: >>> Hi, >>> >>> >>> >>> That makes

Re: [Openvpn-devel] OpenVPN Management Interface

2012-03-06 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/03/12 19:26, Alon Bar-Lev wrote: > On Tue, Mar 6, 2012 at 7:42 PM, Russell Morris > wrote: >> Hi, >> >> >> >> That makes sense - thanks! I'm not a security expert by any means, >> so the thread lost me when it diverged

Re: [Openvpn-devel] OpenVPN Management Interface

2012-03-06 Thread David Sommerseth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/03/12 18:42, Russell Morris wrote: > Hi, > > > > That makes sense - thanks! I'm not a security expert by any means, so > the thread lost me when it diverged into this area ... :-(. > > > > At the risk of asking a stupid question (but that

Re: [Openvpn-devel] OpenVPN Management Interface

2012-03-06 Thread Alon Bar-Lev
On Tue, Mar 6, 2012 at 7:42 PM, Russell Morris wrote: > Hi, > > > > That makes sense - thanks! I'm not a security expert by any means, so the > thread lost me when it diverged into this area ... :-(. > > > > At the risk of asking a stupid question (but that is my specialty

Re: [Openvpn-devel] OpenVPN Management Interface

2012-03-06 Thread Alon Bar-Lev
This exactly what we discuss at the privilege separation thread... Currently to change configuration you need to start a process. 2012/3/6 Russell Morris : > Hi, > > > > Taking off from the thread below - is it possible in Windows to start > openvpn, but only as a sort of