Collaborate Disseminate
OpenVPN allows the use of their ‘reneg-sec’ option to renegotiate keys for the data channel at a specified interval. This helped protect against exploits like Sweet32 with 64 bit block ciphers a while ago. Apparently, only 32GB of retrieve… Continue reading Is key renegotiation necessary with a larger cipher in OpenVPN?
Update: I’ve been able to work out everything I was asking about packet structure when I was finally able to get Wireshark to work, but there is one last thing I’m confused on which I detail at the end of the question.
Original question:
I… Continue reading How exactly does OpenVPN’s tls-auth option apply HMAC to packet messages?
When using OpenVPN, tls-auth and tls-crypt are widely adopted options, allowing a static key to be used in the initial handshake. This helps prevent against DoS attacks, as without the valid key a client will be disregarded almost instantl… Continue reading Is providing a static TLS key during an OpenVPN handshake useless for commercial providers?
I’ve been looking into getting a VPS to run an OpenVPN server on and a few other things. I’ve been speaking to a hosting company and they have sent me this screenshot to show they are protected against all currently known exploits on their… Continue reading Are CPU side-channel attacks still a concern on VPSs
I’ve been reading into the Meltdown and Spectre bugs recently and the issues they cause for virtualised servers, as memory in one VM can potentially be accessed by another user in a separate VM with the same host.
I found this article on D… Continue reading Is protecting against Meltdown and Spectre on virtual servers actually possible?
I’m experimenting with OpenVPN on my Macbook and am attempting to limit my outward network traffic to just the tun interface created by OpenVPN. With the pf firewall disabled I’m able to connect to my server and access the internet just fi… Continue reading Using a pf firewall to secure an OpenVPN connection
From my understanding, a VPN kill switch modifies routing to make sure that all traffic must be sent through the VPN’s tunnel interface, and otherwise internet access is restricted. On desktop applications it seems quite obvious how this c… Continue reading How do VPN kill switches in mobile apps actually work?