Jump to content
Not connected, Your IP: 3.145.161.194
ciudad

When will AirVPN implement tls-crypt-v2?

Recommended Posts

@ciudad

Hello!

It's not planned at the moment because it's more comfortable for us the current single tls-crypt key. tls-crypt 2 doesn't change anything for the client, while on the server side, in our specific case, it would be useless because we maintain tls-auth for backward compatibility,. Any denial attempt would remain potentially possible via tls-auth, hence we would have a complication for nothing. However  when we drop tls-auth (we're afraid not in the near future because of the amount of old OpenVPN versions connecting to our service) then tls-crypt-2 will become attractive indeed.. 

Kind regards
 

Share this post


Link to post
11 hours ago, Staff said:
@ciudad

because of the amount of old OpenVPN versions connecting to our service)
 

I am shocked to learn that many of AirVPN's customers still use old versions of OpenVPN.

Could you be kind enough to put up banners on the front page of your website warning your customers to use the latest version of OpenVPN due to security concerns?

Share this post


Link to post
6 hours ago, ciudad said:

Could you be kind enough to put up banners on the front page of your website warning your customers to use the latest version of OpenVPN due to security concerns?


That is a difficult thing to do because it may not be their fault entirely. If they want to use OpenVPN bundled with Synology because it's what they can reasonably do with their skillset, they are locked to OpenVPN 2.3, believe it or not. Synology doesn't seem to be updating much on their Linux-based NAS boxes.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
On 12/1/2021 at 3:28 AM, ciudad said:

I am shocked to learn that many of AirVPN's customers still use old versions of OpenVPN.

Could you be kind enough to put up banners on the front page of your website warning your customers to use the latest version of OpenVPN due to security concerns?

Hello!

On top of what @OpenSourcerer correctly wrote, also consider that major Linux distributions run with obsolete packages which are kept on their repositories, with internal maintenance mainly dedicated to security patches only. For example Debian 10, which was the latest stable Debian until few months ago, has OpenVPN 2.4 in the repository (and archaic kernel and libraries...), and Debian 9 ("oldoldstable" still supported and widely used) runs OpenVPN 2.3. Not many users take care of a backport, even less to build latest OpenVPN version inside their distribution.

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...