Fellow admins and users,
I'm willing to "sell" a secure phone solution based on OpenVPN. Clients talk to one another by direct communication since VoIP signalling and media are routed with a "client-to-client" setup. If I sniff tun0 on SERVER I can only see encrypted traffic (no SIP, no RTP).
So far so good.
Here's my question:
Could users be assured that - even modifying OpenVPN server-side source - traffic would be still impossible to decrypt?
This would be a real zero-trust scenario.
Thank you very much,
Bruto
CLIENT-TO-CLIENT security
Moderators: TinCanTech
- Pippin
- Forum Team
- Posts: 1201
- Joined: Wed Jul 01, 2015 8:03 am
- Location: irc://irc.libera.chat:6697/openvpn
Re: CLIENT-TO-CLIENT security
Hi,
Using --client-to-client, you would not see packets encrypted by OpenVPN on the tun interface.
You already found that here:
viewtopic.php?f=4&t=26615&p=79654
Take a look here:
https://community.openvpn.net/openvpn/w ... acketsFlow
I gloomily came to the ironic conclusion that if you take a highly intelligent person and give them the best possible, elite education, then you will most likely wind up with an academic who is completely impervious to reality.
Halton Arp
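An added model of the packet path behind the answer above (not part of the thread and not OpenVPN code): each client's tunnel terminates in the server process, so with --client-to-client a relayed packet never reaches tun0 but is still decrypted and re-encrypted inside the server. The HMAC-based toy cipher, the `Server` class, the function names, the addresses and the SIP line are constructed stand-ins; the server handing out keys replaces the real per-client TLS key negotiation.

```python
import hashlib, hmac, os

SAMPLE_SIP = b"INVITE sip:bob@10.8.0.3 SIP/2.0"  # constructed sample payload

def _stream(key, nonce, n):  # toy keystream, stand-in for the data-channel cipher
    blocks = (hmac.new(key, b"ks" + nonce + bytes([i]), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, pt):
    nonce = os.urandom(8)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:8], blob[8:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class Server:
    def __init__(self, client_to_client):
        self.client_to_client = client_to_client
        self.keys = {}        # virtual IP -> session key shared with that client only
        self.tun_seen = []    # what a sniffer on the server's tun0 would capture
        self.in_process = []  # plaintext that existed inside the server process

    def register(self, vip):
        self.keys[vip] = os.urandom(32)
        return self.keys[vip]

    def relay(self, src, dst, blob):
        packet = unseal(self.keys[src], blob)   # the source client's tunnel ends here
        self.in_process.append(packet)
        if not self.client_to_client:
            self.tun_seen.append(packet)        # written to tun0, routed back by the kernel
        return seal(self.keys[dst], packet)     # re-encrypted for the destination client

def demo(client_to_client):
    srv = Server(client_to_client)
    key_a, key_b = srv.register("10.8.0.2"), srv.register("10.8.0.3")
    out = srv.relay("10.8.0.2", "10.8.0.3", seal(key_a, SAMPLE_SIP))
    return unseal(key_b, out), srv.tun_seen, srv.in_process

if __name__ == "__main__":
    for mode in (True, False):
        received, tun, mem = demo(mode)
        print(f"client_to_client={mode}: tun0 saw {len(tun)} packet(s), process held {len(mem)}")
```

An empty tun0 capture therefore shows only where the server routes the packet, not that the server lacks the keys to read it.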
-
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Jan 06, 2018 12:16 pm
Re: CLIENT-TO-CLIENT security
Thank you sir.
But this time (sorry for the duplicate by the way) the question is more specific!
If I somehow modify server source code would this still be true?
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: CLIENT-TO-CLIENT security
If you modify the source code then it is your own product.
-
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Jan 06, 2018 12:16 pm
Re: CLIENT-TO-CLIENT security
Thank you TCT.
Of course but:
am I locked out if the client is genuine - not modified - OpenVPN software talking to its peer in a --client-to-client fashion?
Cheers,
B.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 15
- Joined: Sat Jan 06, 2018 12:16 pm
Re: CLIENT-TO-CLIENT security
Ok thank you
Cheers
B.