[Help] Secure or Not?

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech

JM
OpenVpn Newbie
Posts: 5
Joined: Thu Nov 03, 2011 10:05 pm

[Help] Secure or Not?

Post by JM » Thu Nov 03, 2011 10:19 pm

Please look at my settings.
Are these settings secure or not?

Server.conf
local xxx.xxx.xxx.xxx
port 1194
proto udp
dev tun

;tun-mtu-extra 32
;tun-mtu 1500
;mssfix 1450

persist-key
persist-tun

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

auth-nocache

server 1.2.3.0 255.255.255.0

push "redirect-gateway def1"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 8.8.8.8"

keepalive 10 120
cipher AES-256-CBC
max-clients 1
comp-lzo

verb 3
Client.conf
client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194

ns-cert-type server
resolv-retry infinite

nobind

;tun-mtu-extra 32
;tun-mtu 1500
;mssfix 1450

persist-key
persist-tun

ca ca.crt
cert client.crt
key client.key

;auth-user-pass
auth-nocache

explicit-exit-notify 2
ping 10
ping-restart 60

verb 3
cipher AES-256-CBC
comp-lzo

route-method exe
route-delay 5

How do I set up OpenVPN with SSL?
I checked my IP at http://www.sslshopper.com/ssl-checker.html and it does not have SSL?

Code: Select all

No SSL certificates were found on xxx.xxx.xxx.xxx. Make sure that the name resolves to the correct server
and that the SSL port (default is 443) is open on your server's firewall.
Fri Nov 04 05:24:24 2011 OpenVPN 2.2.1 Win32-MSVC++ [SSL] [LZO2] built on Jul 1 2011
Fri Nov 04 05:24:24 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Fri Nov 04 05:24:24 2011 LZO compression initialized
Fri Nov 04 05:24:24 2011 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]
Fri Nov 04 05:24:24 2011 Socket Buffers: R=[8192->8192] S=[8192->8192]
Fri Nov 04 05:24:24 2011 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]
Fri Nov 04 05:24:24 2011 Local Options hash (VER=V4): '22188c5b'
Fri Nov 04 05:24:24 2011 Expected Remote Options hash (VER=V4): 'a8f55717'
Fri Nov 04 05:24:24 2011 UDPv4 link local: [undef]
Fri Nov 04 05:24:24 2011 UDPv4 link remote: xxx.xxx.xxx.xxx:1194
Fri Nov 04 05:24:25 2011 TLS: Initial packet from xxx.xxx.xxx.xxx:1194, sid=64c99eaa 03dcd28b
Fri Nov 04 05:24:27 2011 VERIFY OK: depth=1, XXXXXX HIDDEN XXXXXX
Fri Nov 04 05:24:27 2011 VERIFY OK: nsCertType=SERVER
Fri Nov 04 05:24:27 2011 VERIFY OK: depth=0, XXXXXX HIDDEN XXXXXX
Fri Nov 04 05:24:30 2011 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Nov 04 05:24:30 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 04 05:24:30 2011 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Nov 04 05:24:30 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 04 05:24:30 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Fri Nov 04 05:24:30 2011 [server-arizona-usa] Peer Connection Initiated with xxx.xxx.xxx.xxx:1194
Fri Nov 04 05:24:32 2011 SENT CONTROL [server-arizona-usa]: 'PUSH_REQUEST' (status=1)
Fri Nov 04 05:24:32 2011 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.4.4,dhcp-option DNS 8.8.8.8,route 1.2.3.1,topology net30,ping 10,ping-restart 120,ifconfig 1.2.3.6 1.2.3.5'
Fri Nov 04 05:24:32 2011 OPTIONS IMPORT: timers and/or timeouts modified
Fri Nov 04 05:24:32 2011 OPTIONS IMPORT: --ifconfig/up options modified
Fri Nov 04 05:24:32 2011 OPTIONS IMPORT: route options modified
Fri Nov 04 05:24:32 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Nov 04 05:24:32 2011 ROUTE default_gateway=xxx.xxx.xxx.xxx <<-- My Ip Computer
Fri Nov 04 05:24:32 2011 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{5861A2C4-3315-4BEE-A0C9-CAF95725FBAB}.tap
Fri Nov 04 05:24:32 2011 TAP-Win32 Driver Version 9.8
Fri Nov 04 05:24:32 2011 TAP-Win32 MTU=1500
Fri Nov 04 05:24:32 2011 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1.2.3.6/255.255.255.252 on interface {5861A2C4-3315-4BEE-A0C9-CAF95725FBAB} [DHCP-serv: 1.2.3.5, lease-time: 31536000]
Fri Nov 04 05:24:32 2011 Successful ARP Flush on interface [15] {5861A2C4-3315-4BEE-A0C9-CAF95725FBAB}
Fri Nov 04 05:24:37 2011 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Fri Nov 04 05:24:37 2011 C:\WINDOWS\system32\route.exe ADD 74.221.217.8 MASK 255.255.255.255 114.79.32.210
The route addition failed: The object already exists.
Fri Nov 04 05:24:37 2011 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 1.2.3.5
OK!
Fri Nov 04 05:24:37 2011 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 1.2.3.5
OK!
Fri Nov 04 05:24:37 2011 C:\WINDOWS\system32\route.exe ADD 1.2.3.1 MASK 255.255.255.255 1.2.3.5
OK!
Fri Nov 04 05:24:37 2011 Initialization Sequence Completed

What is wrong?

**Update

Code: Select all

Fri Nov 04 06:47:26 2011 Replay-window backtrack occurred [1]
What is that? Replay-window backtrack occurred?

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: [Help] Secure or Not?

Post by Mimiko » Fri Nov 04, 2011 7:20 am

Your settings are normal. Those lines in red are normal - just warnings and info.

JM
OpenVpn Newbie
Posts: 5
Joined: Thu Nov 03, 2011 10:05 pm

Re: [Help] Secure or Not?

Post by JM » Fri Nov 04, 2011 7:39 pm

Mimiko, thank you.
Mimiko, do you know how to change the port from UDP 1194 to TCP 443 with SSL?
I changed my settings in the server and client config, and got a connection problem.

this

Code: Select all

server.conf
port 443
proto tcp

client.conf
proto tcp
remote xxx.xxx.xxx.xxx 443

Mimiko wrote: Your settings are normal. Those lines in red are normal - just warnings and info.

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: [Help] Secure or Not?

Post by Mimiko » Sat Nov 05, 2011 8:30 am

To use port 443 as incoming for OpenVPN server, the port must be opened and/or forwarded.

JM
OpenVpn Newbie
Posts: 5
Joined: Thu Nov 03, 2011 10:05 pm

Re: [Help] Secure or Not?

Post by JM » Thu Nov 10, 2011 2:35 am

Mimiko wrote: To use port 443 as incoming for OpenVPN server, the port must be opened and/or forwarded.

Mimiko, thank you again.

For everyone, and you Mimiko, I have a question.
What is a secure method for transferring data / online transactions with OpenVPN?
Is my setup secure? I searched and found many hacking techniques.
Issue: to hack, a user can use BT, and the ISP can use SHARK. UDP 1194 too, server too.
I use OpenVPN for online transactions.. I am scared :|

Mimiko
Forum Team
Posts: 1564
Joined: Wed Sep 22, 2010 3:18 am

Re: [Help] Secure or Not?

Post by Mimiko » Thu Nov 10, 2011 9:02 am

A VPN connection is secure. You can increase security by tweaking the encryption from the default. In this manual http://www.openvpn.net/index.php/open-s ... pn-21.html search for TLS Mode Options; using the options there you can enforce the connection.
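
To see what a session actually negotiated before changing any encryption options, the parameters can be read back from the client log. This is an added example, not part of the original thread or of OpenVPN: it parses the OpenVPN 2.2 log format shown in the first post, and the minimum TLS version and RSA key size are this example's own assumed policy values.

```python
import re

# Lines copied from the client log in the first post (OpenVPN 2.2.1 format).
SAMPLE_LOG = """\
Fri Nov 04 05:24:30 2011 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Nov 04 05:24:30 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 04 05:24:30 2011 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Nov 04 05:24:30 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Nov 04 05:24:30 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
"""

DATA_CIPHER = re.compile(r"Data Channel (Encrypt|Decrypt): Cipher '([^']+)' initialized with (\d+) bit key")
DATA_HMAC = re.compile(r"Data Channel (Encrypt|Decrypt): Using (\d+) bit message hash '([^']+)'")
CONTROL = re.compile(r"Control Channel: (TLSv[\d.]+), cipher \S+ (\S+), (\d+) bit (\w+)")
TLS_ORDER = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def parse_session(log_text):
    """Collect the negotiated crypto parameters from OpenVPN client log text."""
    info = {"data": {}, "control": None}
    for line in log_text.splitlines():
        m = DATA_CIPHER.search(line)
        if m:  # one entry per direction: "encrypt" / "decrypt"
            info["data"].setdefault(m.group(1).lower(), {}).update(
                cipher=m.group(2), key_bits=int(m.group(3)))
        m = DATA_HMAC.search(line)
        if m:
            info["data"].setdefault(m.group(1).lower(), {}).update(
                hmac=m.group(3), hmac_bits=int(m.group(2)))
        m = CONTROL.search(line)
        if m:  # key size and algorithm exactly as logged on this line
            info["control"] = {"tls": m.group(1), "suite": m.group(2),
                               "key_bits": int(m.group(3)), "key_alg": m.group(4)}
    return info


def findings(info, min_tls="TLSv1.2", min_rsa_bits=2048):
    """Compare a parsed session with a policy; the defaults are assumptions."""
    ctrl = info["control"]
    if ctrl is None:
        return ["no Control Channel line found; handshake may not have completed"]
    out = []
    if ctrl["tls"] not in TLS_ORDER or TLS_ORDER.index(ctrl["tls"]) < TLS_ORDER.index(min_tls):
        out.append(f"control channel uses {ctrl['tls']}, policy minimum is {min_tls}")
    if ctrl["key_alg"] == "RSA" and ctrl["key_bits"] < min_rsa_bits:
        out.append(f"{ctrl['key_bits']} bit RSA key, policy minimum is {min_rsa_bits}")
    return out

if __name__ == "__main__":
    print(parse_session(SAMPLE_LOG), findings(parse_session(SAMPLE_LOG)), sep="\n")
```

Run against a fresh log after each configuration change to confirm the change took effect on the wire rather than only in the config file.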
