[FEATURE/INSECURITY] OpenVPN config incompatibility and MITM

Hi,
NetworkManager-openvpn has an issue (security feature?) which prevented it from working with some certificates:

The NM openvpn plugin requires that the remote certificate is created with a server certificate designation (which seems to often get missed/ignored by certificate creation scripts). This restriction should prevent a man in the middle attack, where an attacker with a valid client certificate is impersonating the server.

Although NM has (apparently) been patched, Fedora never patched "because Warren really, really wants VPN passwords converted" (presumably due to the MITM issue).

Would it be possible for ASL to set the proper designation?

links:
https://bugzilla.redhat.com/show_bug.cgi?id=459475

Nabble - Gnome - NetworkManager - openvpn connection failed

https://bugs.launchpad.net/network-manager-openvpn/+bug/94788

Thanks!
Barry

Parents

0 BarryG over 16 years ago

An alternative to fixing this would be to create Cisco PCF files which could then be used with NetworkManager-VPNC... several people have been asking for PCF files anyways.

Barry
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 BarryG over 16 years ago

An alternative to fixing this would be to create Cisco PCF files which could then be used with NetworkManager-VPNC... several people have been asking for PCF files anyways.

Barry
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data