[vpn] Security aspects of openVPN (fwd)
---------- Forwarded message ----------
Date: Tue, 25 Nov 2003 16:48:15 -0000
From: James Yonan <jim@yonan.net>
To: Shashank Khanvilkar <shashank@mia.ece.uic.edu>, James Yonan <jim@yonan.net>
Cc: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] Security aspects of openVPN
Shashank Khanvilkar <shashank@mia.ece.uic.edu> said:
> Thanks,
>
> Is there any other aspect of security that one needs to consider, when
> choosing a VPN solution, in your opinion?
>
> (I could think of others like forward secrecy, ?)
OpenVPN supports Diffie-Hellman key exchange in TLS mode, so you get the
forward secrecy.
There are some other security features worth noting:
OpenVPN's --tls-auth option allows you to protect the TLS data channel with an
HMAC key. This adds a kind of "HMAC firewall" to the listening port so that
you need to have the correct HMAC key to even begin a TLS negotiation.
Suppose that there was a remotely exploitable buffer overflow in OpenSSL or
lower-level libraries. --tls-auth would provide a sort of front line
gatekeeper protection by preventing incoming packets from reaching the TLS code.
Another important security issue (in my view) is the fact that OpenVPN runs in
user space. This means that the OpenVPN process can be locked down with
privilege downgrades (--user and --group) and/or --chroot. Even if a code
insertion attack were discovered, it would find itself locked in a chroot jail
where it could be contained to a certain extent (like a sandbox). By
contrast, VPNs which run in kernel space cannot offer this kind of protection
-- a kernel space code insertion vulnerability results in a fully privileged
exploit.
James
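A simplified model of the --tls-auth "HMAC firewall" described in the message above, as an added example (not OpenVPN's own code and not its real packet format): every incoming packet must carry an HMAC computed with a pre-shared key, and a packet whose tag is missing or wrong is dropped before any TLS code ever sees it. The key, the tag-prefix framing and the tls_layer stub are constructed for illustration.

```python
import hmac
import hashlib
import os

# Added example: models the gatekeeper that --tls-auth puts in front of the
# TLS handshake code. The framing (tag || payload) and the stand-in TLS
# layer are constructed here and are not OpenVPN's wire format.

TAG_LEN = hashlib.sha1().digest_size  # 20-byte HMAC-SHA1 tag


def seal(key: bytes, payload: bytes) -> bytes:
    """Sender side: prepend an HMAC-SHA1 tag over the payload."""
    tag = hmac.new(key, payload, hashlib.sha1).digest()
    return tag + payload


def gate(key: bytes, packet: bytes):
    """Receiver side: return the payload if the tag verifies, else None.

    Only a verified payload is ever handed on to the TLS layer, so a
    peer without the shared key cannot even start a negotiation."""
    if len(packet) < TAG_LEN:
        return None
    tag, payload = packet[:TAG_LEN], packet[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha1).digest()
    # constant-time comparison so the check does not leak the tag via timing
    if not hmac.compare_digest(tag, expected):
        return None
    return payload


def tls_layer(payload: bytes) -> str:
    """Stand-in for the TLS handshake code that --tls-auth shields."""
    return "TLS negotiation started with %d-byte record" % len(payload)


def receive(key: bytes, packet: bytes) -> str:
    """Full receive path: HMAC gate first, TLS code only on success."""
    payload = gate(key, packet)
    if payload is None:
        return "dropped: bad or missing HMAC, TLS code never ran"
    return tls_layer(payload)


if __name__ == "__main__":
    key = os.urandom(32)  # constructed shared key (a static key file in OpenVPN)
    good = seal(key, b"ClientHello")
    print(receive(key, good))                 # accepted, reaches TLS layer
    print(receive(os.urandom(32), good))      # wrong key: dropped at the gate
    tampered = good[:-1] + bytes([good[-1] ^ 1])
    print(receive(key, tampered))             # modified in flight: dropped
```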