On Monday, June 16, 2014 2:29 AM, grarpamp grarpamp@gmail.com wrote:
No, it does not break any anonymity. And it doesn't matter what
OpvenVPN sends because it all happens over the users already secured Tor circuit '--'. You just don't understand the model. Here it is again. '<>' is a single computer, there are two computers pictured. Packets travel through the listed processes and computers from left to right. '++' is the usual clearnet beyond the exit box.
A) <user - ovpncli - torcli> -- <tor_exit_relay_or_ip - ovpn_term_ip> ++ world
It seems to me in this case the OpenVPN endpoint would know who the user is, based on their OpenVPN client certificate or shared secret. Even absent those, they might be able to do packet fingerprinting, since the packets won't be scrubbed.