|
|
You can set "cipher=none" and "auth=none" to disable encryption and HMAC-based packet authentication. (This is covered in the man page; somehow, I thought it was a FAQ as well). That'll turn off the CPU overhead of encrypting and hashing the content; if your concern is the administrative overhead of handing out passwords or certificates, use duplicate-cn, username-as-common-name, and a auth-user-pass-verify hook which accepts absolutely anything given as a username/password pair. That said, using duplicate-cn removes some administrative benefits of client/server mode; I wouldn't necessarily use it even if I weren't worried about security. ______________________ OpenVPN mailing lists https://lists.sourceforge.net/lists/listinfo/openvpn-users |