Hi Jason,

On 09/11/21 09:37, Jason Haar wrote:

How about ditching the NTLM and adding HTTPS proxy support instead? ;-)
Does the privacy aspect of talking to proxies "properly" of course (Basic
is fine over HTTPS)

(and accidentally makes openvpn-over-TCP look like real TLS traffic too...)

This was also discussed at the OpenVPN Hackathon last weekend; I have code lying around for it
  https://github.com/jjkeijser/connect-proxy/
which allows you to run a separate HTTPS proxy and then connect OpenVPN to it using 127.0.0.1:<some port>

This needs to be integrated into OpenVPN in some form - I think we decided to use the (delayed-then-forgotten) transport obfuscation plugin for this. We talked about it a few years ago, but it was never fully implemented.

@Gert, list: who was working on this and who still has the code for the transport obfuscation plugin? Would be a good clean-up project to move all proxy (socks, http AND https) code into this plugin.

cheers,

JJK

On 2021-11-07 at 13:55, g...@greenie.muc.de wrote:
Hi Community,

OpenVPN supports HTTP proxies that require NTLM authentication,
supporting NTLMv1 and NTLMv2 protocols.

This is old code, which was written in the dark ages, is not currently
unit/client tested, and uses DES which got deprecated in OpenSSL 3.0.0...

That said, if people still *use* it, we are likely to keep it - otherwise
it might just become lost :-)

So - if you use HTTP proxy in OpenVPN, and that proxy authenticates
against a Windows AD domain, and you use NTLMv1 or NTLMv2 authentication,
please speak up and tell us about your use case!



