In Robur we have implemented a OpenVPN™-compatible VPN library and (unikernel) applications called MirageVPN. In this talk you can expect to learn briefly what is a unikernel, what is OpenVPN™, why re-implement it, and learn interesting details about the OpenVPN™ protocol including two CVEs. OpenVPN™ is a piece of software and a protocol that has existed and evolved for about 20 years, and is a way to provide an (encrypted) virtual private network. This has resulted in hundreds of configuration options, a plethora of modes of operations and vestigial ceremonies in the protocol. During our work to implement MirageVPN I have discovered two security vulnerabilites (CVE-2024-28882 and CVE-2024-5594) which I will describe. Besides describing them I will also philosophize how they came to be, how they can be avoided and what could be improved, and try to generalize.
Speakers for Discoveries of implementing MirageVPN, a OpenVPN™-compatible VPN library:
Metadata for Discoveries of implementing MirageVPN, a OpenVPN™-compatible VPN library
To be recorded: YesURLs for Discoveries of implementing MirageVPN, a OpenVPN™-compatible VPN library
Slides: https://reyn.ir/bornhack2024
Schedule for Discoveries of implementing MirageVPN, a OpenVPN™-compatible VPN library
- Saturday, Jul 20th, 2024, 17:00 (CEST) - Saturday, Jul 20th, 2024, 18:00 (CEST) at Speakers Tent