Answered: TLS-CRYPT

Erenys

Member
Maybe I'm wrong but it seems that with OpenVPN, PP uses TLS-AUTH instead off TLS-CRYPT (and it's TLS-CRYPT v2 nowaday). Why staying stuck on TLS-AUTH, while TLS-CRYPT has many security advantages, see for example:


 
Correct, the VPN Manager still uses tls-auth, we have no ETA yet regarding tls-crypt use. But this will surely happen.
Ok, so will there be any bad side effects if I manually replace tls-auth with tls-crypt in any .ovpn file? Won't the VPN manager automatically revert these files to their tls-auth version every time I launch it?
 
They would be overwritten when an update happens, apart from that it should work. The configuration files can also be downloaded from within the customer area of our website.
 
They would be overwritten when an update happens, apart from that it should work. The configuration files can also be downloaded from within the customer area of our website.
I use single server config, so I should download almost 100 .ovpn files, reitering this operation every time an update occurs, reverting all the files in the tls-auth version, so it's no manageable for me.*

I just tested the manual replacement of <tls-auth> by <tls-crypt> (and </tls-auth> by </tls-crypt> below) in one udp config file. But then the VPN manager has not been able to connect. It is stuck on a "WAIT". :(
As soon as I close the Vpn manager, and revert the two tls-crypt by the tls-auth, all works like a charm.

I will open a ticket in order to give you more details.
 
Back
Top