From: Tim Frink on

> I'm not sure why you think that doesn't conform. Maybe we're just using
> terms differently.

OK, now I got it. Maybe I was a little bit confused since at first glance
it seemed to me that the connection between the VNC client and the server
was not encrypted. But now it's clear.

Maybe this is now a stupid question, but in this scenario the VPN server
decrypts the messages and sends them to the Internet. So theoretically
here a sniffer may start his attack. Or do we have to assume that our
IPS is secure and attacks are not likely?

Tim
From: Maxwell Lol on
Tim Frink <plfriko(a)yahoo.de> writes:

> Thank you for your answer. Just to make sure that I understand the
> concept of VPN: Everything that I transmit via an unsafe WLAN connection
> can be theoretically sniffed by others, right?


When you set up a VPN, say - with openssl, it creates a network
interface with a new IP address.

All traffic is routed THROUGH this new interface. (Well, perhaps
anything to the local LAN may be allowed).

On my openssl connection, I have an IP address on my machine (10.0.0.1), and a
similar IP address on a remote machine. When my traffic exits through
the remote machine, all traffic comes from that other IP address.

And all traffic between these two IP addresses is encrypted.


When I kill the connection, the routing table has to be reset so that
it routes through the original IP address.

A small thing - the routing table is updated so that all traffic goes
through the new interface. EXCEPT traffic to and from the new IP
address. That goes over the old interface. Makes sense - as you can't
tunnel the tunnel. The tunnel uses real addresses. Everything else
(non-local traffic) goes THROUGH the tunnel.
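
The routing behaviour described in the message above, as an added example that is not part of the original thread: a longest-prefix-match check over `ip route show`-style output that confirms non-local traffic leaves through the tunnel while the tunnel's own endpoint stays on the old interface. The route tables, the addresses (203.0.113.10 as the VPN server's real address) and the interface names `tun0` and `wlan0` are constructed assumptions.

```python
import ipaddress

# Constructed `ip route show`-style tables; addresses and names are assumptions.
# 203.0.113.10 = VPN server's real address, tun0 = tunnel, wlan0 = old interface.
FULL_TUNNEL = """\
default via 10.0.0.2 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
10.0.0.2 dev tun0 proto kernel scope link src 10.0.0.1
"""
# Tunnel interface is up, but the default route still points at the old interface.
LEAKY = """\
default via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
10.0.0.2 dev tun0 proto kernel scope link src 10.0.0.1
"""

def parse_routes(text):
    """Return [(network, dev)] parsed from `ip route show`-style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest), dev))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match: the interface that would carry traffic to addr."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(matches)[1] if matches else None

def audit(text, vpn_server, tun_dev, probes=("198.51.100.7", "192.0.2.1")):
    """List routing problems: tunnel-in-tunnel, or traffic bypassing the tunnel."""
    routes = parse_routes(text)
    findings = []
    if egress_dev(routes, vpn_server) == tun_dev:
        findings.append("tunnel endpoint is routed into the tunnel itself")
    for probe in probes:  # probes stand in for arbitrary non-local destinations
        dev = egress_dev(routes, probe)
        if dev != tun_dev:
            findings.append(f"{probe} leaves via {dev}, outside the tunnel")
    return findings

if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("leaky", LEAKY)):
        print(name, audit(table, "203.0.113.10", "tun0") or "ok")
```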


From: unruh on
On 2010-05-29, Tim Frink <plfriko(a)yahoo.de> wrote:
>
>> I'm not sure why you think that doesn't conform. Maybe we're just using
>> terms differently.
>
> OK, now I got it. Maybe I was a little bit confused since at first glance
> it seemed to me that the connection between the VNC client and the server
> was not encrypted. But now it's clear.
>
> Maybe this is now a stupid question, but in this scenario the VPN server
> decrypts the messages and sends them to the Internet. So theoretically
> here a sniffer may start his attack. Or do we have to assume that our
> IPS is secure and attacks are not likely?
Yes. Your own computer is also a weakness.
>
> Tim
From: Chris Davies on
Tim Frink <plfriko(a)yahoo.de> wrote:
> OK, now I got it. Maybe I was a little bit confused since at first glance
> it seemed to me that the connection between the VNC client and the server
> was not encrypted. But now it's clear.

Hang on. You're saying VNC here. That's something totally different,
and in general VNC traffic is not encrypted.

Did you perhaps really mean VPN or vpnc (which is an implementation of
CISCO IPSec VPN)?

Chris
From: David Schwartz on
On May 28, 6:50 pm, Tim Frink <plfr...(a)yahoo.de> wrote:

> OK, now I got it. Maybe I was a little bit confused since at first glance
> it seemed to me that the connection between the VNC client and the server
> was not encrypted. But now it's clear.

I presume you mean VPN. VNC is something else entirely.

> Maybe this is now a stupid question, but in this scenario the VPN server
> decrypts the messages and sends them to the Internet. So theoretically
> here a sniffer may start his attack. Or do we have to assume that our
> IPS is secure and attacks are not likely?

The VPN itself deals with one, and only one, type of threat --
interception between the VPN server and the VPN client. If there are
other threats you have to deal with, you need to employ other
solutions to deal with them.

DS