| 8.1 | Show the VTun encapsulation for Ethernet, serial, and pipe tunnels. Use either TCP or UDP for the transport. |
| 8.2 | Suppose that VTun does not have the SSL library linked in, that the server sends the client a random challenge of (0xA2 0x49 0x8C 0x1F 0xE0 0x74 0x73 0x29 0xAE 0xDC 0x33 0x74 0x70 0xCA 0xBB 0x20), and that the client responds with (0xF2 0x20 0xE2 0x78 0xB0 0x15 0x10 0x42 0xCB 0xA8 0x63 0x1D 0x1E 0xAD 0xEB 0x41). What shared secret are they using? (We are ignoring the mapping into {a, ..., p} that VTun uses to transmit the binary data as a string.) |
| 8.3 | How could we improve the security of CIPE by changing the binary packet format and making corresponding changes to its processing? |
| 8.4 | Provide an efficient implementation in your favorite programming language of the sliding-window mechanism that tinc uses for handling sequence numbers. |
| 8.5 | Why are OpenVPN's OCC and PING messages unlikely to conflict with normal traffic on the data channel? Hint: What does "normal" traffic look like? |
| 8.6 | Why doesn't OpenVPN use a single ACK number to acknowledge all previous messages, as TCP does? |
| 8.7 | Explain the difference between OpenVPN's control-channel packet ID and message sequence number fields. Why does it require both? |
| 8.8 | We have mentioned many times that encrypted data should also be authenticated to prevent various types of attacks. Why is it safe for the OpenVPN control channel to omit the HMAC field (that is, to not specify --tls-auth)? |