On Monday, June 16, 2014 2:29 AM, grarpamp <grarpamp@gmail.com> wrote:

> No, it does not break any anonymity. And it doesn't matter what
> OpvenVPN sends because it all happens over the users already secured
> Tor circuit '--'. You just don't understand the model. Here it is
> again. '<>' is a single computer, there are two computers pictured.
> Packets travel through the listed processes and computers from left
> to right. '++' is the usual clearnet beyond the exit box.

> A)
> <user - ovpncli - torcli> -- <tor_exit_relay_or_ip - ovpn_term_ip> ++ world

It seems to me in this case the OpenVPN endpoint would know who the user is, based on their OpenVPN client certificate or shared secret. Even absent those, they might be able to do packet fingerprinting, since the packets won't be scrubbed.