Enable authentication of TLS packets
-
When using "Remote Access (SSL/TLS + User Auth)" setting, what effect does the "Enable authentication of TLS packets" setting have?
-
I think I found the answer here: https://openvpn.net/index.php/open-source/documentation/security-overview.html
One notable security improvement that OpenVPN provides over vanilla TLS is that it gives the user the opportunity to use a pre-shared passphrase (or static key) in conjunction with the –tls-auth directive to generate an HMAC key to authenticate the packets that are themselves part of the TLS handshake sequence. This protects against buffer overflows in the OpenSSL TLS implementation, because an attacker cannot even initiate a TLS handshake without being able to generate packets with the currect HMAC signature.