Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Mon Oct 21, 2019 22:11 Post subject:
This afternoon I verified with a shell script that the openvpn config files posted at https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/SERVERNAME.nordvpn.com.udp.ovpn for the several dozen SERVERNAMEs that I use are still showing the .ca and .tls keys that I have had in place in dd-wrt for over a year, identical keys across all those servers. I'm not sure what that talk about expiring keys was about if they are not actually forcing us to update our configurations. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Tue Oct 22, 2019 15:03 Post subject:
This Ars Technica piece is the most thorough writeup I've seen so far. It's clear that I needn't have been concerned about our .ca and .tls files. It appears that the vulnerability was strictly regarding access of the main nordvpn.com website itself. There was some possibility of a MITM attack substituting a fake site. Perhaps the bigger issue is just that NordVPN was so quiet about this for so long. What else are they not telling us, if that's their philosophy?
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Fri Nov 01, 2019 20:52 Post subject:
I gave up on these guys and moved my router to AirVPN. See the last link in my sig below. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.