** Changed in: vtun (Ubuntu)
Status: Incomplete = Won't Fix
--
MIR for vtun
https://bugs.launchpad.net/bugs/412059
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vtun in ubuntu.
--
Ubuntu-server-bugs mailing list
** Changed in: vtun (Ubuntu)
Assignee: Kees Cook (kees) = (unassigned)
--
MIR for vtun
https://bugs.launchpad.net/bugs/412059
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vtun in ubuntu.
--
Ubuntu-server-bugs mailing list
I have not performed a code review, but am familiar with the software. I
am extremely uncomfortable promoting this to main as is because of the
'encryption' support.
http://www.cs.auckland.ac.nz/~pgut001/pubs/linux_vpn.txt has a good
summary. IMO if this were to be considered for main, we should
I would agree with jdstrand -- this can't go into main. It is flawed by
design. A VPN without encryption means all the nodes between client and
server must be trusted (why not just route?). -1.
** Changed in: vtun (Ubuntu)
Status: New = Incomplete
--
MIR for vtun
* debian/patches/07-fix-gcc-warnings.patch: Fix gcc warnings.
Ouch that actually *hides* the warning, but doesn't handle the error
conditions at all
Thanks for the other changes, but I really think you should either
handle the error conditions or remove the patch altogether.
[ NB:
* Clean
Kees, what's your take on the security implications if we promote vtun
to main? Thanks!
** Changed in: vtun (Ubuntu)
Assignee: Loïc Minier (lool) = Kees Cook (kees)
--
MIR for vtun
https://bugs.launchpad.net/bugs/412059
You received this bug notification because you are a member of Ubuntu
Chuck, you mention in the MIR that the software works out of the box but
the README.Debian and default config seems to imply that one needs to
setup vtun manually after install.
You are right that was a mistake.
Please implement the status action in the init script.
Done
FYI debian/rules isn't
Overall packaging looks good but it's quite scary to include this network
service; it sounds like a light but less secure VPN. For instance
debian/README.Encryption says:
This program includes an encryption feature intended to protect the tunneled
data as it travels across the network. However,
Hmm there are some compilation warnings such as not checking return
values; this is worrying for a root running vpn daemon
--
MIR for vtun
https://bugs.launchpad.net/bugs/412059
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to vtun in
