1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

TomatoUSB OpenVPN on RT-N16 user/pass security

Discussion in 'Tomato Firmware' started by distinguishedPoint, Jan 5, 2012.

  1. distinguishedPoint

    distinguishedPoint Networkin' Nut Member

    Zounds! I'm new here, and had to use Opera (11.60) instead of Firefox (9.0.1) on Windows XP SP3 to get the editor pane so I could enter a message. Probably a Javascript bug. Moving on...

    I've been happily using Tomato for some time on my Linksys WRT54GL. Now have an Asus RT-N16 with TomatoUSB 1.28 (build 54) installed, and am trying to configure OpenVPN to satisfy my cautious nature.

    Specifically, I would like to supplement the use of certificates with user/pass. It looks like using auth-user-pass-verify for the server and auth-user-pass for the client will get me there, but I have a lingering worry:

    When the response is sent to the server, is the communication secure or can any packet sniffer see the pass phrase?

    I think I've figured out how to use a shell script and OpenSSL to encode the plaintext password (using something I trust more than MD5) so that no raw pass info is stored. But that's little consolation if the communication is open. Despite much searching (though not in the source code) I cannot find an answer!

    Does anyone know for sure?

Share This Page