Hello,
i need your help to identify security threats and weaknesses for my network
these are the characteristics of the openvpn network:
- Prot is UDP
- BlueFish encryption with block cipher 64, which have the popular sweat32 attack
- the same client certificate shared among multiple clients
- i have the error log "TLS: new session incoming connection from [AF_INET]" thousands of times
- the client connected properly in spite of the previous error
am i vulnerable to the attacks such as:
MITM Attacks https://www.ietf.org/mail-archive/web/t ... 11337.html
or Triple Handshakes https://www.mitls.org/pages/attacks/3SHAKE
or any other attacks?
Is my openvpn network hacked?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Is my openvpn network hacked?
Because of this:
Which is generally a bad choice.
Create client certs for all your clients.
-
john232
- OpenVpn Newbie
- Posts: 2
- Joined: Sat Jun 09, 2018 2:38 pm
Re: Is my openvpn network hacked?
what about sweet32 attack is not possible for my case? especially because all users have the same cert?
-
TinCanTech
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: Is my openvpn network hacked?
Blowfish cipher is susceptible to SWEET32 .. so use another cipher .. eg: AES-256-CBC