
CLIENT-TO-CLIENT security

Posted: Tue Jan 14, 2020 11:20 am
by bruto
Fellow admins and users,
I'm willing to "sell" a secure phone solution based on OpenVPN. Clients talk to one another by direct communication since VoIP signalling and media are routed with a "client-to-client" setup. If I sniff tun0 on SERVER I can only see encrypted traffic (no SIP, no RTP).
So far so good.
Here's my question:
Could users be assured that - even modifying OpenVPN server-side source - traffic would still be impossible to decrypt?
This would be a real zero-trust scenario.
Thank you very much,
Bruto

Re: CLIENT-TO-CLIENT security

Posted: Tue Jan 14, 2020 1:35 pm
by Pippin
Hi,

Using --client-to-client, you would not see packets encrypted by OpenVPN on the tun interface.
You already found that here:
viewtopic.php?f=4&t=26615&p=79654

Take a look here:
https://community.openvpn.net/openvpn/w ... acketsFlow

Re: CLIENT-TO-CLIENT security

Posted: Tue Jan 14, 2020 3:55 pm
by bruto
Thank you sir.
But this time (sorry for the duplicate by the way) the question is more specific!
If I somehow modify server source code would this still be true?

Re: CLIENT-TO-CLIENT security

Posted: Tue Jan 14, 2020 4:01 pm
by TinCanTech
If you modify the source code then it is your own product.

Re: CLIENT-TO-CLIENT security

Posted: Tue Jan 14, 2020 7:24 pm
by bruto
Thank you TCT.
Of course but:
am I locked out if the client is genuine - not modified - OpenVPN software talking to its peer in a --client-to-client fashion?
Cheers,
B.

Re: CLIENT-TO-CLIENT security

Posted: Tue Jan 14, 2020 8:19 pm
by TinCanTech
bruto wrote:
Tue Jan 14, 2020 11:20 am
Could users be assured that - even modifying OpenVPN server-side source - traffic would still be impossible to decrypt?
Even without modifying OpenVPN source code, there are no such guarantees.

Re: CLIENT-TO-CLIENT security

Posted: Tue Jan 14, 2020 11:21 pm
by bruto
Ok thank you
Cheers
B.