CLIENT-TO-CLIENT security

[bruto]

Fellow admins and users,
I'm willing to "sell" a secure phone solution based on OpenVPN. Clients talk one another by direct communication since Voip signalling and media is routed with a "client-to-client" setup. If I sniff tun0 on SERVER I can only see encrypted traffic (no SIP, no RTP).
So far so good.
Here's my question:
Could users be assured that - even modifying OpenVPN server-side source - traffic would be still impossible to decrypt?
This would be a real zero-trust scenario.
Thank you very much,
Bruto

[Pippin]

Hi,

Using --client-to-client, you would not see packets encrypted by OpenVPN on the tun interface.
You already found that here:
viewtopic.php?f=4&t=26615&p=79654

Take a look here:
https://community.openvpn.net/openvpn/w ... acketsFlow

[bruto]

Thank you sir.
But this time (sorry for the duplicate by the way) the question is more specific!
If I somehow modify server source code would this still be true?

[TinCanTech]

If you modify the source code then it is your own product.

[bruto]

Thank you TCT.
Of course but:
am I locked out if the client is genuine - not modified - OpenVPN software talking to its peer in a --client-to-client fashion?
Cheers,
B.

[TinCanTech]

Could users be assured that - even modifying OpenVPN server-side source - traffic would be still impossible to decrypt?

Even without modifying OpenVPN source code, there are no such guarantees..

[bruto]

Ok thank you
Cheers
B.