Jump to content
Not connected, Your IP: 18.191.200.223

Recommended Posts

Hello,

 

The latest stable client of Eddie - 2.10, is using a very outdated version of OpenSSL (1.0.3c) that has many vulnerabilities. Your latest experimental version of Eddie - 2.11 still uses an outdated version of OpenSSL that has a few known vulnerabilities. Please explain why as a major VPN provider, especially one that puts an emphasis on privacy, does not bother to keep OpenSSL updated even though there are several vulnerabilities reported as "High Severity"?

 

https://www.openssl.org/news/vulnerabilities.html#y2016

 

Share this post


Link to post

Hello,

 

The latest stable client of Eddie - 2.10, is using a very outdated version of OpenSSL (1.0.3c) that has many vulnerabilities. Your latest experimental version of Eddie - 2.11 still uses an outdated version of OpenSSL that has a few known vulnerabilities.

 

Only in your fantasy. Please check your facts.

 

Check here:

https://airvpn.org/services/changelog.php?software=client&format=html

 

and make sure to keep YOUR OpenSSL and OpenVPN up to date, because Eddie can use OpenVPN you pre-installed in your system (according to your preferences).

 

Kind regards

Share this post


Link to post

Hello,

 

The latest stable client of Eddie - 2.10, is using a very outdated version of OpenSSL (1.0.3c) that has many vulnerabilities. Your latest experimental version of Eddie - 2.11 still uses an outdated version of OpenSSL that has a few known vulnerabilities. Please explain why as a major VPN provider, especially one that puts an emphasis on privacy, does not bother to keep OpenSSL updated even though there are several vulnerabilities reported as "High Severity"?

 

https://www.openssl.org/news/vulnerabilities.html#y2016

The main critial vulnerability only affects version OpenSSL 1.1.0a, and the other only version OpenSSL 1.0.2i

Share this post


Link to post

From the log in Eddie 2.11.5, I can see that OpenVPN version (2.3.12) is the latest, while OpenSSL (1.0.2h) and OpenSSH (7.2) are not. Although vulnerabilities may not be critical, as users, I still want the back processes are up-to-date, especially new Eddie beta is being developed.

By the way, Staff mentioned Eddie will use OpenVPN users pre-installed in system (that's proved true in my OS), is it also applied to OpenSSL and OpenSSH. In other words, if I install the latest of them manually according to relevant websites, will Eddie use them properly? No compatibility issues with servers?

Share this post


Link to post
I 2016.10.22 12:55:54 - OpenVPN - Version: OpenVPN 2.3.12 (/usr/sbin/openvpn)
I 2016.10.22 12:55:54 - SSH - Version: OpenSSH_7.3p1 Debian-1, OpenSSL 1.0.2j  26 Sep 2016 (/usr/bin/ssh)
I 2016.10.22 12:55:54 - SSL - Version: stunnel 5.36 (/usr/bin/stunnel4)

Does this answer your question?


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

 

I 2016.10.22 12:55:54 - OpenVPN - Version: OpenVPN 2.3.12 (/usr/sbin/openvpn)
I 2016.10.22 12:55:54 - SSH - Version: OpenSSH_7.3p1 Debian-1, OpenSSL 1.0.2j  26 Sep 2016 (/usr/bin/ssh)
I 2016.10.22 12:55:54 - SSL - Version: stunnel 5.36 (/usr/bin/stunnel4)

Does this answer your question?

For me it is using old version

 

I 2016.10.22 09:08:52 - Eddie client version: 2.11.5 / windows_x64, System: Windows, Name: Microsoft Windows NT 10.0.14393.0

. 2016.10.22 09:08:52 - Reading options from C:\Users\Alexis\AppData\Local\AirVPN\AirVPN.xml

. 2016.10.22 09:08:53 - Data Path: C:\Users\Alexis\AppData\Local\AirVPN

. 2016.10.22 09:08:53 - App Path: C:\Program Files\AirVPN

. 2016.10.22 09:08:53 - Executable Path: C:\Program Files\AirVPN\AirVPN.exe

. 2016.10.22 09:08:53 - Command line arguments (1): path="home"

. 2016.10.22 09:08:53 - Operating System: Microsoft Windows NT 10.0.14393.0

. 2016.10.22 09:08:53 - Shell of 'C:\Program Files\AirVPN\openvpn.exe','--version' done sync in 93 ms

. 2016.10.22 09:08:53 - Shell of 'C:\Program Files\AirVPN\plink.exe','-V' done sync in 79 ms

. 2016.10.22 09:08:53 - Shell of 'C:\Program Files\AirVPN\stunnel.exe','-version' done sync in 109 ms

. 2016.10.22 09:08:53 - Shell of 'C:\Program Files\AirVPN\curl.exe','--version' done sync in 94 ms

I 2016.10.22 09:08:53 - OpenVPN Driver - TAP-Windows Adapter V9, version 9.21.2

I 2016.10.22 09:08:53 - OpenVPN - Version: OpenVPN 2.3.12 (C:\Program Files\AirVPN\openvpn.exe)

I 2016.10.22 09:08:53 - SSH - Version: plink 0.63 (C:\Program Files\AirVPN\plink.exe)

I 2016.10.22 09:08:53 - SSL - Version: stunnel 5.32 (C:\Program Files\AirVPN\stunnel.exe)

! 2016.10.22 09:08:54 - Ready

. 2016.10.22 09:08:54 - Updating systems & servers data ...

. 2016.10.22 09:08:55 - Systems & servers data update completed

. 2016.10.22 09:10:26 - Shell of 'cmd.exe','/c route PRINT' done sync in 234 ms

. 2016.10.22 09:10:26 - Shell of 'cmd.exe','/c ipconfig /all' done sync in 125 ms

I 2016.10.22 09:12:58 - Session starting.

. 2016.10.22 09:12:58 - IPv6 disabled with packet filtering.

I 2016.10.22 09:12:58 - Checking authorization ...

! 2016.10.22 09:12:59 - Connecting to Yildun (United States, Miami)

. 2016.10.22 09:13:00 - SSL > 2016.10.22 09:12:59 LOG5[ui]: stunnel 5.32 on x86-pc-mingw32-gnu platform

. 2016.10.22 09:13:00 - SSL > 2016.10.22 09:12:59 LOG5[ui]: Compiled/running with OpenSSL 1.0.2h  3 May 2016

. 2016.10.22 09:13:00 - SSL > 2016.10.22 09:12:59 LOG5[ui]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI

. 2016.10.22 09:13:00 - SSL > 2016.10.22 09:12:59 LOG5[ui]: Reading configuration from file C:\Users\Alexis\AppData\Local\AirVPN\a15fd5fd8326f7369d539312f23dfb4b223c38da7002a28da0724ff18557e0e4.tmp.ssl

. 2016.10.22 09:13:00 - SSL > 2016.10.22 09:12:59 LOG5[ui]: UTF-8 byte order mark not detected

. 2016.10.22 09:13:00 - SSL > 2016.10.22 09:13:00 LOG6[ui]: Initializing service [openvpn]

. 2016.10.22 09:13:00 - SSL > 2016.10.22 09:13:00 LOG5[ui]: Configuration successful

. 2016.10.22 09:13:00 - OpenVPN > OpenVPN 2.3.12 x86_64-w64-mingw32 [sSL (OpenSSL)] [LZO] [iPv6] built on Sep  5 2016

. 2016.10.22 09:13:00 - OpenVPN > Windows version 6.2 (Windows 8 or greater) 64bit

. 2016.10.22 09:13:00 - OpenVPN > library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09

. 2016.10.22 09:13:00 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100

. 2016.10.22 09:13:01 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file

. 2016.10.22 09:13:01 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

. 2016.10.22 09:13:01 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

. 2016.10.22 09:13:01 - OpenVPN > Socket Buffers: R=[65536->262144] S=[65536->262144]

. 2016.10.22 09:13:01 - OpenVPN > Attempting to establish TCP connection with [AF_INET]127.0.0.1:49093 [nonblock]

. 2016.10.22 09:13:01 - SSL > 2016.10.22 09:13:01 LOG5[0]: Service [openvpn] accepted connection from 127.0.0.1:53177

. 2016.10.22 09:13:01 - SSL > 2016.10.22 09:13:01 LOG6[0]: s_connect: connecting 173.44.55.180:443

. 2016.10.22 09:13:01 - SSL > 2016.10.22 09:13:01 LOG5[0]: s_connect: connected 173.44.55.180:443

. 2016.10.22 09:13:01 - SSL > 2016.10.22 09:13:01 LOG5[0]: Service [openvpn] connected remote server from 192.168.0.3:53178

. 2016.10.22 09:13:01 - SSL > 2016.10.22 09:13:01 LOG6[0]: SNI: sending servername: 173.44.55.180

. 2016.10.22 09:13:01 - SSL > 2016.10.22 09:13:01 LOG6[0]: CERT: Locally installed certificate matched

. 2016.10.22 09:13:01 - SSL > 2016.10.22 09:13:01 LOG5[0]: Certificate accepted at depth=0: C=IT, ST=Italy, L=Perugia, O=AirVPN, OU=stunnel, CN=stunnel.airvpn.org, emailAddress=info@airvpn.org

. 2016.10.22 09:13:01 - SSL > 2016.10.22 09:13:01 LOG6[0]: Client certificate not requested

. 2016.10.22 09:13:01 - SSL > 2016.10.22 09:13:01 LOG6[0]: SSL connected: new session negotiated

. 2016.10.22 09:13:01 - SSL > 2016.10.22 09:13:01 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)

. 2016.10.22 09:13:02 - OpenVPN > TCP connection established with [AF_INET]127.0.0.1:49093

. 2016.10.22 09:13:02 - OpenVPN > TCPv4_CLIENT link local: [undef]

. 2016.10.22 09:13:02 - OpenVPN > TCPv4_CLIENT link remote: [AF_INET]127.0.0.1:49093

. 2016.10.22 09:13:02 - OpenVPN > TLS: Initial packet from [AF_INET]127.0.0.1:49093, sid=214c4bcd 2b5c3f4e

. 2016.10.22 09:13:02 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org

. 2016.10.22 09:13:02 - OpenVPN > Validating certificate key usage

. 2016.10.22 09:13:02 - OpenVPN > ++ Certificate has key usage  00a0, expects 00a0

. 2016.10.22 09:13:02 - OpenVPN > VERIFY KU OK

. 2016.10.22 09:13:02 - OpenVPN > Validating certificate extended key usage

. 2016.10.22 09:13:02 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

. 2016.10.22 09:13:02 - OpenVPN > VERIFY EKU OK

. 2016.10.22 09:13:02 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org

. 2016.10.22 09:13:02 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

. 2016.10.22 09:13:02 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

. 2016.10.22 09:13:02 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key

. 2016.10.22 09:13:02 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

. 2016.10.22 09:13:02 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

. 2016.10.22 09:13:02 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]127.0.0.1:49093

. 2016.10.22 09:13:04 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

. 2016.10.22 09:13:05 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.50.0.1,comp-lzo no,route-gateway 10.50.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.50.4.53 255.255.0.0'

. 2016.10.22 09:13:05 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified

. 2016.10.22 09:13:05 - OpenVPN > OPTIONS IMPORT: LZO parms modified

. 2016.10.22 09:13:05 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified

. 2016.10.22 09:13:05 - OpenVPN > OPTIONS IMPORT: route options modified

. 2016.10.22 09:13:05 - OpenVPN > OPTIONS IMPORT: route-related options modified

. 2016.10.22 09:13:05 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

. 2016.10.22 09:13:05 - OpenVPN > ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=3 HWADDR=2c:6e:85:26:31:44

. 2016.10.22 09:13:05 - OpenVPN > do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0

. 2016.10.22 09:13:05 - OpenVPN > open_tun, tt->ipv6=0

. 2016.10.22 09:13:05 - OpenVPN > TAP-WIN32 device [Ethernet 2] opened: \\.\Global\{6BB7F2F1-8859-4867-A60B-2477CB718765}.tap

. 2016.10.22 09:13:05 - OpenVPN > TAP-Windows Driver Version 9.21

. 2016.10.22 09:13:05 - OpenVPN > Set TAP-Windows TUN subnet mode network/local/netmask = 10.50.0.0/10.50.4.53/255.255.0.0 [sUCCEEDED]

. 2016.10.22 09:13:05 - OpenVPN > Notified TAP-Windows driver to set a DHCP IP/netmask of 10.50.4.53/255.255.0.0 on interface {6BB7F2F1-8859-4867-A60B-2477CB718765} [DHCP-serv: 10.50.255.254, lease-time: 31536000]

. 2016.10.22 09:13:05 - OpenVPN > Successful ARP Flush on interface [6] {6BB7F2F1-8859-4867-A60B-2477CB718765}

. 2016.10.22 09:13:10 - OpenVPN > TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up

. 2016.10.22 09:13:10 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 127.0.0.1 MASK 255.255.255.255 192.168.0.1

. 2016.10.22 09:13:10 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=55 and dwForwardType=4

. 2016.10.22 09:13:10 - OpenVPN > Route addition via IPAPI succeeded [adaptive]

. 2016.10.22 09:13:10 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.50.0.1

. 2016.10.22 09:13:10 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4

. 2016.10.22 09:13:10 - OpenVPN > Route addition via IPAPI succeeded [adaptive]

. 2016.10.22 09:13:10 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.50.0.1

. 2016.10.22 09:13:10 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4

. 2016.10.22 09:13:10 - OpenVPN > Route addition via IPAPI succeeded [adaptive]

. 2016.10.22 09:13:10 - OpenVPN > C:\WINDOWS\system32\route.exe ADD 173.44.55.180 MASK 255.255.255.255 192.168.0.1

. 2016.10.22 09:13:10 - OpenVPN > ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=55 and dwForwardType=4

. 2016.10.22 09:13:10 - OpenVPN > Route addition via IPAPI succeeded [adaptive]

. 2016.10.22 09:13:10 - Starting Management Interface

. 2016.10.22 09:13:10 - OpenVPN > Initialization Sequence Completed

. 2016.10.22 09:13:10 - DNS leak protection with packet filtering enabled.

. 2016.10.22 09:13:10 - DNS of a network adapter forced (Intel® Dual Band Wireless-AC 3160, from automatic (208.67.222.222,208.67.220.220) to 10.50.0.1)

. 2016.10.22 09:13:10 - DNS of a network adapter forced (TAP-Windows Adapter V9, from manual (10.4.0.1) to 10.50.0.1)

I 2016.10.22 09:13:10 - Flushing DNS

I 2016.10.22 09:13:10 - Checking route

I 2016.10.22 09:13:12 - Checking DNS

! 2016.10.22 09:13:24 - Connected.

. 2016.10.22 09:13:24 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100

. 2016.10.22 09:13:24 - OpenVpn Management > >INFO:OpenVPN Management Interface Version 1 -- type 'help' for more info

. 2016.10.22 09:13:59 - SSL > 2016.10.22 09:13:59 LOG6[cron]: Executing cron jobs

. 2016.10.22 09:13:59 - SSL > 2016.10.22 09:13:59 LOG6[cron]: Cron jobs completed in 0 seconds

 

Share this post


Link to post
I 2016.10.22 09:08:53 - OpenVPN Driver - TAP-Windows Adapter V9, version 9.21.2
I 2016.10.22 09:08:53 - OpenVPN - Version: OpenVPN 2.3.12 (C:\Program Files\AirVPN\openvpn.exe)
I 2016.10.22 09:08:53 - SSH - Version: plink 0.63 (C:\Program Files\AirVPN\plink.exe)
I 2016.10.22 09:08:53 - SSL - Version: stunnel 5.32 (C:\Program Files\AirVPN\stunnel.exe)

Oh, alright, you're using Windows..

 

One way to update openvpn and openssl is to install the Windows OpenVPN package but not the full one, only the user-space components. Then you paste both files into C:\ProgFiles\AirVPN. I've mentioned this in my Securepoint OpenVPN How-To. plink and stunnel need to be updated separately.

 

As you can see, on Linux it uses the system binaries. Much easier to keep them updated.

 

On Linux, almost everything is much easier than on Windows, not only this. Consider switching! I mean it.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

"make sure to keep YOUR OpenSSL and OpenVPN up to date" - @staff

With due respect, this does not seem clear to paying subscribers.

I just installed Eddie 2.11.5beta, with prefs set to Protocols=SSL,443 and:

 

I 2016.10.23 11:08:20 - Eddie client version: 2.11.5 / windows_x64, System: Windows, Name: Microsoft Windows NT 6.1.7601 Service Pack 1
....
! 2016.10.23 11:08:42 - Connecting to Hadar (Hong Kong, Hong Kong)
. 2016.10.23 11:08:42 - SSL > 2016.10.23 11:08:42 LOG5[ui]: stunnel 5.32 on x86-pc-mingw32-gnu platform
. 2016.10.23 11:08:42 - SSL > 2016.10.23 11:08:42 LOG5[ui]: Compiled/running with OpenSSL 1.0.2h  3 May 2016
. 2016.10.23 11:08:42 - SSL > 2016.10.23 11:08:42 LOG5[ui]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI

So off to https://www.openssl.org and download openssl-1.0.2j.tar.gz but it is ONLY .c source with old doco about perl scripts to make (don't want to go there)

So off to https://www.stunnel.org and install https://www.stunnel.org/downloads/stunnel-5.36-installer.exe, which tries to get all sorts of info to generate a distinguished name for a certificate (bail out), seems to finish install anyway.

Copy stunnel.exe to AirVPN with rename of orig.

Start up AirVPN:

"The ordinal 3253 could not be located in the dynamic link library LIBEAY32.3ll"

"SSL not found"

Revert to 2.11.5beta stunnel.exe.

 

"On Linux, almost everything is much easier than on Windows, not only this. Consider switching!"

 

 

I actually run Linux in VirtualBox on this W7 laptop for internet facing apps, but prefer to also run W7 and have VPN for both.

 

/*TODO Update 2.11.x to latest SSL etc binaries for security before declare not beta */

Share this post


Link to post

"make sure to keep YOUR OpenSSL and OpenVPN up to date" - @staff

With due respect, this does not seem clear to paying subscribers.

I just installed Eddie 2.11.5beta, with prefs set to Protocols=SSL,443 and:

 

I 2016.10.23 11:08:20 - Eddie client version: 2.11.5 / windows_x64, System: Windows, Name: Microsoft Windows NT 6.1.7601 Service Pack 1

....

! 2016.10.23 11:08:42 - Connecting to Hadar (Hong Kong, Hong Kong)

. 2016.10.23 11:08:42 - SSL > 2016.10.23 11:08:42 LOG5[ui]: stunnel 5.32 on x86-pc-mingw32-gnu platform

. 2016.10.23 11:08:42 - SSL > 2016.10.23 11:08:42 LOG5[ui]: Compiled/running with OpenSSL 1.0.2h  3 May 2016

. 2016.10.23 11:08:42 - SSL > 2016.10.23 11:08:42 LOG5[ui]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,OCSP,PSK,SNI

So off to https://www.openssl.org and download openssl-1.0.2j.tar.gz but it is ONLY .c source with old doco about perl scripts to make (don't want to go there)

So off to https://www.stunnel.org and install https://www.stunnel.org/downloads/stunnel-5.36-installer.exe, which tries to get all sorts of info to generate a distinguished name for a certificate (bail out), seems to finish install anyway.

Copy stunnel.exe to AirVPN with rename of orig.

Start up AirVPN:

"The ordinal 3253 could not be located in the dynamic link library LIBEAY32.3ll"

"SSL not found"

Revert to 2.11.5beta stunnel.exe.

 

"On Linux, almost everything is much easier than on Windows, not only this. Consider switching!"

 

 

I actually run Linux in VirtualBox on this W7 laptop for internet facing apps, but prefer to also run W7 and have VPN for both.

 

/*TODO Update 2.11.x to latest SSL etc binaries for security before declare not beta */

 

 

The point staff made to the OP was that the version of openssl the OP claimed Eddie was using were never used by Eddie, at least in the changelog to which staff pasted the link.  I'm assuming the OP meant 1.0.2c, not 1.0.3c.  So, the only way the OP could be using openssl 1.0.2c was if he/she installed it separately from Eddie.

Share this post


Link to post

 

I 2016.10.22 09:08:53 - OpenVPN Driver - TAP-Windows Adapter V9, version 9.21.2
I 2016.10.22 09:08:53 - OpenVPN - Version: OpenVPN 2.3.12 (C:\Program Files\AirVPN\openvpn.exe)
I 2016.10.22 09:08:53 - SSH - Version: plink 0.63 (C:\Program Files\AirVPN\plink.exe)
I 2016.10.22 09:08:53 - SSL - Version: stunnel 5.32 (C:\Program Files\AirVPN\stunnel.exe)

Oh, alright, you're using Windows..

 

One way to update openvpn and openssl is to install the Windows OpenVPN package but not the full one, only the user-space components. Then you paste both files into C:\ProgFiles\AirVPN. I've mentioned this in my Securepoint OpenVPN How-To. plink and stunnel need to be updated separately.

 

As you can see, on Linux it uses the system binaries. Much easier to keep them updated.

 

On Linux, almost everything is much easier than on Windows, not only this. Consider switching! I mean it.

I am using Mac OSX. I have tried to update OpenSSH, SSL and stunnel on the system by different ways, some of which succeeded but Eddie still used the same old one. It seemed Eddie did not recognize the paths of new installation. I tried to copy the update files to /usr/bin or /Applications/AirVPN.app by command lines but were unable to complete. Could Eddie's default paths of the libraries be changed? I tried to specified in OpenVPN Custom Path in Advance tab of Eddie, but nothing changed. Anyone know how to fix it in OSX? By directives?

 

I knew the server side may not use the latest versions of OpenSSH, SSL and stunnel, but I would still like to update my client (just like Giganerd did, provided that the old & new ones compatitble to use; of course it will be perfect if Air can update them, but I know saying is always easier than doing).

Some relevant log was as below:

I 2016.10.24 20:12:13 - OpenVPN - Version: OpenVPN 2.3.12 (/Applications/AirVPN.app/Contents/MacOS/openvpn)

I 2016.10.24 20:12:13 - SSH - Version: OpenSSH_7.2p2, LibreSSL 2.4.1 (/usr/bin/ssh)

I 2016.10.24 20:12:13 - SSL - Version: stunnel 5.32 (/Applications/AirVPN.app/Contents/MacOS/stunnel)

......

 2016.10.24 20:30:33 - SSH > OpenSSH_7.2p2, LibreSSL 2.4.1

. 2016.10.24 20:30:33 - SSH > debug1: Reading configuration data /etc/ssh/ssh_config

. 2016.10.24 20:30:33 - SSH > debug1: /etc/ssh/ssh_config line 20: Applying options for *

. 2016.10.24 20:30:33 - SSH > debug1: Connecting to 213.152.162.100 [213.152.162.100] port 22.

. 2016.10.24 20:30:33 - SSH > debug1: Connection established.

. 2016.10.24 20:30:33 - SSH > debug1: permanently_set_uid: 501/20

. 2016.10.24 20:30:33 - SSH > debug1: key_load_public: No such file or directory

. 2016.10.24 20:30:33 - SSH > debug1: identity file /Users/daniel/.airvpn(...hiddened).tmp.key type -1

. 2016.10.24 20:30:33 - SSH > debug1: key_load_public: No such file or directory

. 2016.10.24 20:30:33 - SSH > debug1: identity file /Users/daniel/.airvpn(...hiddened).tmp.key-cert type -1

. 2016.10.24 20:30:33 - SSH > debug1: Enabling compatibility mode for protocol 2.0

. 2016.10.24 20:30:33 - SSH > debug1: Local version string SSH-2.0-OpenSSH_7.2

. 2016.10.24 20:30:33 - SSH > debug1: Remote protocol version 2.0, remote software version OpenSSH_6.7p1 Debian-5+deb8u1

. 2016.10.24 20:30:33 - SSH > debug1: match: OpenSSH_6.7p1 Debian-5+deb8u1 pat OpenSSH* compat 0x04000000

......

. 2016.10.24 20:30:36 - OpenVPN > OpenVPN 2.3.12 x86_64-apple-darwin15.6.0 [sSL (OpenSSL)] [LZO] [MH] [iPv6] built on Sep  5 2016

. 2016.10.24 20:30:36 - OpenVPN > library versions: OpenSSL 1.0.2h  3 May 2016, LZO 2.09

. 2016.10.24 20:30:36 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100

. 2016.10.24 20:30:36 - OpenVPN > Control Channel Authentication: tls-auth using INLINE static key file

. 2016.10.24 20:30:36 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

......

. 2016.10.24 20:30:42 - OS X - PF rules updated, reloading

I 2016.10.24 20:30:42 - Checking route

I 2016.10.24 20:30:45 - Checking DNS

! 2016.10.24 20:30:53 - Connected.

Share this post


Link to post

There is no reason to update the shipped OpenSSH and LibreSSL versions bundled in OSX.

Not only there were no vulnerabilities reported for the versions shipping in the latest OSX branches

(10.11.6 and 10.12.0), this can seriously break other software that relies on the shipped versions of them.

 

You can install a parallel version from Homebrew (https://brew.sh), but it's not recommended to link it as the OS default.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...