OpenVPN-NL released.

Discussion in 'privacy technology' started by Baserk, Nov 22, 2011.

Thread Status:
Not open for further replies.
  1. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Dutch IT security company FoxIT, has released it's version of OpenVPN.
    OpenVPN-NL is used by the Dutch government for confidential communication.
    It has been developed at the request of the NBV, part of the Dutch Intelligence and Security Service (AIVD).
    One of FoxIT founders, Ronald Prins has an academic and professional background in encryption and has worked for the AIVD previously.
    The main reasons for developing were;

    -The product (OpenVPN) allows many insecure configurations, such as turning off encryption, or the use of outdated cryptographic functions in security critical places.
    -The trust to be put in the supply chain of the software is not warranted. The Dutch government simply cannot verify whether all the versions and releases out in the wild are legitimate (i.e. secure and uncompromised) versions of OpenVPN.


    The difference is that OpenSSL has been changed for PolarSSL; encryption has been changed from BF-CBC/SHA1 to AES-256-CBC/SHA256 (with no other options available).
    Also, the OpenVPN code has been scrutinized, resulting in removing some 8000 lines of code (insecure and less secure options) and adding 4000 new lines of code (hardening).
    OpenVPN-NL has been certified as NLNCSA criteria Level 2/NATO 'Restricted' classification.

    OpenVPN-NL is available for Windows, Ubuntu, Suse Enterprise, Redhat Enterprise and Debian.
    It's open source so available to everyone; source code link
    More details and DL location can be found at FoxIT website link.
     
  2. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    Thanks for this. I'd love to hear more about it from somebody qualified to dissect that code. Is this thing ready to use, or is it still flawed/buggy, and more like a beta? I really want to try it out but I want to know more about it first.
     
  3. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    ^It's definitely final.
    You can read a bit more about it yourself in the english version PDF available here (bottom page; 'Inzetadvies OpenVPN-NL versie 1.0' (232 Kb).
    ('Inzetadvies' means 'deployment advice').
    I'm sure OpenVPN-NL will be dissected&scrutinized thoroughly but it will likely take a couple of days/a week before reviews pop up.
    In the mean time, PolarSSL seems quite glad having been chosen for this project link
     
  4. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I'm still really interested in hearing more about this. I have the site favorited and check it out once in awhile. I tried it out for myself, but I just get this error message:

    "This application has failed to start because MSVCR100.dll was not found. Re-installing the application may fix this problem."
     
Loading...
Thread Status:
Not open for further replies.