Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dutch Government Officially Trusts OpenVPN-NL

Posted by timothy on from the goot-to-goeh dept.

First time accepted submitter joost.bijl writes "Yesterday the Dutch government took a step to further improve the adoption of Open Source in its ranks. It has officialy approved a modified version of the open source VPN software OpenVPN for use on the governmental level 'Departementaal Vertrouwelijk' (Restricted). The release is called OpenVPN-NL and is fully open-source and available for use. The software has undergone a security evaluation by the Dutch government's national communications security agency (NLNCSA). The major change is the removal of OpenSSL as the cryptographic core of OpenVPN-NL. Instead, the Dutch government opted to include the smaller, better readable and documented open source library PolarSSL to provide the cryptographic and SSL/TLS functionality. The Dutch IT Security company Fox-IT worked together with both OpenVPN and PolarSSL communities and modified the stock software to support the government evaluation process. In total 8000 lines of code and 4000 lines of documentation were checked in to the OpenVPN trunk."

4 of 53 comments (clear)

  1. Awesome by MightyMartian · · Score: 5, Interesting

    This is very good news. OpenVPN is probably the easiest secure VPN software I've ever worked with. I've been running it as the link for our multi-site network for over two years now, and it's also the VPN software our road warriors are using. Simple to configure, and damnit but it just works. After years of trying to get all these weird implementations of IPSec to co-operate with each other, OpenVPN is just a marvel, fast and lightweight.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
    1. Re:Awesome by Capt.DrumkenBum · · Score: 5, Interesting

      OpenVPN rocks!
      I have a client site that needs to access some data in my local office. This client site network is locked down so tight that almost nothing goes through. Somehow OpenVPN manages to maintain several connections between here and there. Add to that the fact that they are fully cross platform and you just can't beat them.

      --
      If I were God, wouldn't I protect my churches from acts of me?
    2. Re:Awesome by Anonymous Coward · · Score: 4, Interesting

      This is mainly going to be used to allow remote access to restricted infrastructure.
      The comments in Holland are that this is allowing unsecured & unchecked workstations (home pc's & laptops) that might be infected with general or specifically designed malways; & then via the vpn gaining access to restricted documents & information.

      The last word is not yet spoken about this.

      Dutch megan00b

  2. Re:Why should we trust openssl? by Rich · · Score: 5, Interesting

    That's true, though openssl has had the ability to add empty fragments to avoid the chosen plain text attack I suspect you're referring to for many years. What's strange is that the chosen solution (polarSSL) doesn't seem to have support for OCSP which is the main way to quickly revoke bad keys - particularly important in the light of the recent diginotar breach.