No x509 Verification?

[7481217113 1]

Why is this important?

This works exactly like your browser when you access a HTTPS website. Say you visit reddit.com, when you enter the URL into your address bar, your browser connects to the Reddit servers which sends a TLS certificate over the wire for reddit.com. Your browser then checks the certificate to see if reddit.com is indeed present in the common name or SANs (subject alternative names), that it is not expired, and that it was signed by a publicly trusted certificate authority (CA). If these conditions are true the website will load. If they are not true then you will be presented with an insecure connection error.

The OpenVPN client, by default, does NOT verify that the server you are connecting to is the server that you expect it to be (ie. the hostname you connect to is in the certificate’s common name). The only thing it does is verify is:

The certificate has been issued/signed by the Certificate Authority that is trusted inside the <ca> block in the config
The certificate is not expired

Unless x509 verification is in place, the client will trust ANY server that presents a certificate that was generated by the Certificate Authority as long as it’s not expired. With that in mind, a breach of a single server, regardless of the unique certificate being deployed there, gives the attacker the ability to impersonate ANY other server for that VPN provider.

[Staff 9972]

Hello!

WireGuard does not support authentication via certificate at all. OpenVPN does, and we have it implemented of course, but not with specific fields. If we implemented it we would force all of our customer to change certificate every time they change server, which is not a viable solution in most router and pfSense machines. Totally unacceptable.

You must also consider that in order to impersonate a server, not only would the attacker need to steal the secret WireGuard key or the various OpenVPN certificate/key pairs, but she would also need to cage the target and hijack route via IP addresses, because the target can not be actively reached (forbidden in OpenVPN settings). Also, DH keys are unique in each VPN server, so the attacker can't even try an impersonation from another server while the connection is ongoing to a real server.

Kind regards