Remote to Server VPN question

Hey,

Just have a quick question. If I’m abroad and I want to connect to my home VPN, are the certificate and password sent to my server in plain text?

I know once connected everything is encrypted but I just need to know if the credentials to connect are safe too.

Cheers

Ziggy

@anon16652331, hi, that is highly improbable.

  • what client are you using to connect to the remote host?
  • what VPN service is running on the remote host?
  • is the VPN service configured to accept incoming connections?
  • make sure you test before going abroad to ensure remote access/connectivity is working

Hi @anon16652331

Evaluating a system requires knowledge of that system. A VPN is a specific system and so are the clients who connect to that system. One vendor's VPN is not the same as another's VPN. One vendor's client is not the same as another's client.

Please post all system details (@munkeHoller mentioned above) if you want help.

Thanks.

The VPN is installed on a Raspberry Pi 4, 4 GB. It’s OpenVPN and has 256 encryption and a password to log in. The operating system is:

Raspberry Pi OS Lite

  • Release date: January 28th 2022
  • System: 32-bit
  • Kernel version: 5.10
  • Debian version: 11 (bullseye)
  • Size: 482MB

Does this information help?

In that case, you can easily see on the openvpn.net website that OpenVPN uses OpenSSL for key exchanges. So, the key transfer process is encrypted if you follow their tutorial.

See, for example:


Reference:

https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-ios-keychain/


You are the one! Thanks Neo


Can someone read the key using an SSL stripping program? Just wanna keep my data safe.

Ziggy

There exists NO mathematical encryption method which cannot be compromised given enough time, resources and motivation.

I doubt @anon16652331 that you have a legitimate data confidentiality concern which we can address here in a public forum.

For example, I do not worry about if SSL can be broken "somehow".

If SSL was so "dangerous" the entire Internet would be at risk since it basically "runs" on SSL.

Furthermore, if SSL is "good enough" for every bank and brokerage in the world, with billions of dollars (maybe trillions) over SSL each day, then obviously it should be "more than good enough" for any legitimate activity you, @anon16652331, are doing.

Also, because SSL is so pervasive and important, the security of SSL is constantly being improved by the global user community at large. Obviously, the entire world uses SSL, so of course it must be working as designed. When bugs are found in any software implementation, they are squashed; and there are countless people always trying to make a name for themselves hacking around looking for vulnerabilities.

I have closed this topic for the reason above. If you want to start a new topic on particular vulnerabilities of SSL @anon16652331, you will need to open a new topic and explain what data you need to protect so much, why you need to protect it so much, and who you feel is trying to get access to your data.

Thanks.
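For the two questions raised in this thread (whether the login exchange is protected, and whether someone in the middle could interfere with it), here is an added example, not code from any poster or from the OpenVPN project: a small Python check of an OpenVPN client profile for the settings that govern this, namely server-certificate verification, a tls-crypt/tls-auth key, a password stored in a file, and the minimum TLS version. The sample profile, host name and file path are constructed for illustration.

```python
import re

# Constructed sample profile (not from the thread); host and path are placeholders.
SAMPLE_OVPN = """\
client
dev tun
remote vpn.example.net 1194 udp
auth-user-pass /home/pi/login.txt
cipher AES-256-GCM
<ca>
(certificate omitted)
</ca>
"""

def parse_directives(text):
    """Map each directive to its argument list; contents of inline <tag> blocks are skipped."""
    found, inline = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if inline:                                   # inside <ca>, <key>, <tls-crypt>, ...
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":              # blank line or comment
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:                                      # start of an inline block
            inline = tag.group(1)
            found[inline] = []
        else:
            name, *args = line.split()
            found[name] = args
    return found

def audit(text):
    """Return findings about how the profile protects the login exchange."""
    d, findings = parse_directives(text), []
    if d.get("remote-cert-tls") != ["server"] and "verify-x509-name" not in d:
        findings.append("server-identity: add 'remote-cert-tls server' so only a server certificate is accepted")
    if not {"tls-crypt", "tls-crypt-v2", "tls-auth"} & d.keys():
        findings.append("control-channel: no tls-crypt/tls-auth key protecting the TLS handshake packets")
    if d.get("auth-user-pass"):                      # a file argument means a stored password
        findings.append("stored-password: auth-user-pass reads the password from a file on disk")
    if not re.fullmatch(r"1\.[23]", d.get("tls-version-min", ["0"])[0]):
        findings.append("tls-version: set 'tls-version-min 1.2' or higher")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_OVPN):
        print(finding)
```

An empty result means all four settings are present in the profile; it says nothing about how the server side is configured.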