ciudad 0 Posted ... Versions of OpenVPN 2.5.0 and later introduce a feature called tls-crypt-v2 Does AirVPN plan to implement it? If yes, when? Quote Share this post Link to post
Staff 9972 Posted ... @ciudad Hello! It's not planned at the moment because it's more comfortable for us the current single tls-crypt key. tls-crypt 2 doesn't change anything for the client, while on the server side, in our specific case, it would be useless because we maintain tls-auth for backward compatibility,. Any denial attempt would remain potentially possible via tls-auth, hence we would have a complication for nothing. However when we drop tls-auth (we're afraid not in the near future because of the amount of old OpenVPN versions connecting to our service) then tls-crypt-2 will become attractive indeed.. Kind regards 2 stupid are cocksure and go558a83nk reacted to this Quote Share this post Link to post
ciudad 0 Posted ... 11 hours ago, Staff said: @ciudad because of the amount of old OpenVPN versions connecting to our service) I am shocked to learn that many of AirVPN's customers still use old versions of OpenVPN. Could you be kind enough to put up banners on the front page of your website warning your customers to use the latest version of OpenVPN due to security concerns? Quote Share this post Link to post
OpenSourcerer 1435 Posted ... 6 hours ago, ciudad said: Could you be kind enough to put up banners on the front page of your website warning your customers to use the latest version of OpenVPN due to security concerns? That is a difficult thing to do because it may not be their fault entirely. If they want to use OpenVPN bundled with Synology because it's what they can reasonably do with their skillset, they are locked to OpenVPN 2.3, believe it or not. Synology doesn't seem to be updating much on their Linux-based NAS boxes. 1 Staff reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Staff 9972 Posted ... On 12/1/2021 at 3:28 AM, ciudad said: I am shocked to learn that many of AirVPN's customers still use old versions of OpenVPN. Could you be kind enough to put up banners on the front page of your website warning your customers to use the latest version of OpenVPN due to security concerns? Hello! On top of what @OpenSourcerer correctly wrote, also consider that major Linux distributions run with obsolete packages which are kept on their repositories, with internal maintenance mainly dedicated to security patches only. For example Debian 10, which was the latest stable Debian until few months ago, has OpenVPN 2.4 in the repository (and archaic kernel and libraries...), and Debian 9 ("oldoldstable" still supported and widely used) runs OpenVPN 2.3. Not many users take care of a backport, even less to build latest OpenVPN version inside their distribution. Kind regards Quote Share this post Link to post