LinuxQuestions.org
Old 03-21-2007, 08:20 PM   #1
dlublink
Member
 
Registered: Oct 2004
Location: Canada
Distribution: Ubuntu
Posts: 330

Rep: Reputation: 30
Am I using encryption on my openVPN?


Hello,

I am running an OpenVPN network and am wondering if the data is encrypted.

I don't have any encryption options enabled in my conf; I had assumed that encryption was automatically done using the private key/public key pairs that I used to authenticate the computers.

How can I verify that I am using decent encryption?

Thanks,

David
 
Old 03-23-2007, 04:57 AM   #2
Manana
Member
 
Registered: Dec 2005
Distribution: Ubuntu,Debian
Posts: 41

Rep: Reputation: 15
By default OpenVPN uses the Blowfish 128-bit cipher for symmetric encryption; you should use something like "cipher AES-256-CBC" in your config to set another cipher. Look at the howto on the OpenVPN page: http://openvpn.net/howto.html.
If you want to make sure the data is really encrypted, you could use a packet sniffer to look at the packets; one of the best is Wireshark (aka Ethereal).
If the data is really encrypted you will be able to tell by looking at the packets.

Last edited by Manana; 03-23-2007 at 05:10 AM.
 
Old 03-23-2007, 06:22 AM   #3
dlublink
Member
 
Registered: Oct 2004
Location: Canada
Distribution: Ubuntu
Posts: 330

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by Manana
By default OpenVPN uses the Blowfish 128-bit cipher for symmetric encryption; you should use something like "cipher AES-256-CBC" in your config to set another cipher. Look at the howto on the OpenVPN page: http://openvpn.net/howto.html.
If you want to make sure the data is really encrypted, you could use a packet sniffer to look at the packets; one of the best is Wireshark (aka Ethereal).
If the data is really encrypted you will be able to tell by looking at the packets.

Thanks.

I had actually tried tcpdump, but I didn't seem to be using the right option because I only saw the headers and not the actual data.

I had looked at their page, not sure how I missed the information about the default encryption.

Thanks for the information!

David
 
Old 03-25-2007, 11:19 AM   #4
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,706
Blog Entries: 4

Rep: Reputation: 3949
You should review the information about VPN and acquire a cursory understanding of how that system is supposed to work... then check your configuration to make sure that it does.

(1) As mentioned, use a packet-sniffer such as ethereal to make sure that the packets are, in fact, encrypted. (Ethereal should be unable to show you what's in the packets.)

(2) The basic encryption-algorithm that is used to protect the traffic can be almost any of the choices... they're all strong, and for most purposes, they're all strong enough.

(3) Pay particular attention to the method by which the clients on the VPN tunnel authenticate themselves. If it's "pre-shared keys" (PSK, aka passwords), that's not good enough. If it's "digital certificates," it probably is.
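
The configuration checks suggested in posts #2 and #4, as an added example that is not part of the original thread or of OpenVPN itself: a small Python audit that reads an OpenVPN config and reports the effective cipher and the authentication mode. It assumes the default cipher stated in post #2 (Blowfish 128-bit, `BF-CBC`) and that keys and certificates are referenced by the `secret`, `ca`, `cert`, `key` or `pkcs12` directives rather than inlined; the function names and the sample config are hypothetical.

```python
# Added example: audit an OpenVPN config for the points raised in this thread.
DEFAULT_CIPHER = "BF-CBC"  # assumption from post #2: Blowfish 128-bit when no cipher is set

def parse_directives(text):
    """Map each directive name to its argument list; '#' and ';' start comments."""
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        parts = line.split("#", 1)[0].split()
        if parts:
            directives[parts[0]] = parts[1:]
    return directives

def audit_openvpn_config(text):
    """Return (settings, findings) for the text of an OpenVPN config file."""
    d = parse_directives(text)
    explicit = bool(d.get("cipher"))
    cipher = d["cipher"][0] if explicit else DEFAULT_CIPHER
    if "secret" in d:  # static-key mode, i.e. a pre-shared key
        auth_mode = "static-key"
    elif all(k in d for k in ("ca", "cert", "key")) or "pkcs12" in d:
        auth_mode = "tls-certificates"
    else:
        auth_mode = "unknown"
    findings = []
    if cipher.lower() == "none":
        findings.append("cipher none: tunnel payload is not encrypted")
    elif not explicit:
        findings.append("no cipher line: default %s applies" % DEFAULT_CIPHER)
    if auth_mode == "static-key":
        findings.append("pre-shared static key in use instead of certificates")
    elif auth_mode == "unknown":
        findings.append("no ca/cert/key or secret found: authentication unclear")
    return {"cipher": cipher, "auth_mode": auth_mode}, findings

# Constructed sample: certificate-based client with no cipher line
SAMPLE_CLIENT = """\
client
dev tun
remote vpn.example.org 1194   # hypothetical host
ca ca.crt
cert client.crt
key client.key
"""

if __name__ == "__main__":
    settings, findings = audit_openvpn_config(SAMPLE_CLIENT)
    print(settings)
    for finding in findings:
        print("-", finding)
```

An empty findings list means the config sets a cipher explicitly and authenticates with certificates; it does not replace looking at the traffic with a sniffer as described above.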
 
  

