Security audit


So, has anybody audited the custom GL software?
For example openvpn server.

create_certificates() {
# CA Authority

# Server certificate

# Sign request

# Client certificate

# Sign request

# Create Diffie-Hellman Key
**#openssl dhparam -out $DH_KEY 1024 >/dev/null 2>&1**

# Create TLS Key
**# openvpn --genkey --secret $TA_KEY**
return 0


So, you dont create a unique Diffie-Hellman Key per device (commented out), but reuse the file /etc/openvpn/cert/dh1024.pem.
Is 1024 bit enough as well as sharing the same file?

Why has prefect forwarding not enable with TA keys?


Thanks for your audit. It is a security issue there. We built-in the DH file as it spent long time to generate it.


just appalling really just sloppy work you guys don’t take things seriously enough to much crap you need to release secure version


I think you are expecting too much. And you can always build your own custom firmware if you are not happy with stock.


I like this product, but I need it to improve before I can recommend it to others. And I cant help but notice how you just keep trying to invalidate or trivialize every bug report the users make here. When I see you arguing in favor of weak security too, I have to question your motive and who you are really working for.