Replies: 1 comment 7 replies
-
|
The random SNI is not belong to us, it is fake and generated in your server, you can have your own domain. Please not that the hash of the certificate public key exists in user token, so you don't really need to provide a valid ssl certificate and it doesn't improve users security. User also can't see this SNI from VpnHoodClient. Let me know if you need more help. |
Beta Was this translation helpful? Give feedback.
-
|
Isn't much better with valid SNI+Domain e.g cert by letsencrypts? But users need own domain as the result |
Beta Was this translation helpful? Give feedback.
-
VpnHood does need a SSL cert, but it doesn't need to be a valid one, because you give a token to your client and they don't need to connect to your server by just a domain name, so it doesn't needed to have a certificate with valid chain authority. |
Beta Was this translation helpful? Give feedback.
-
VpnHood supports valid certificate, so in that case, your ServerEP will not be used and it tries to resolve the IP by your domain from public DNS servers. I this case I can modify the client code to show your domain instead ip address. You get get certificate from any authority such as letsencrypts and replace default.pfx with it in access folder of VpnHoodServer. |
Beta Was this translation helpful? Give feedback.
-
no, it is just a fake random domain, client look for your server endpoint embedded into token and uses that domain. if you delete the default.pfx a new one will be generated. |
Beta Was this translation helpful? Give feedback.
-
let me try to set with valid ssl+domain next time |
Beta Was this translation helpful? Give feedback.
-
I saw log in server it's using random SNI from your domain? Can we are users use our own domain instead?
Beta Was this translation helpful? Give feedback.
All reactions