For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

This forum is for all inquiries relating to the installation of OpenVPN from source and with binaries.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please visit (and READ) the OpenVPN HowTo http://openvpn.net/howto prior to asking any questions in here!
Post Reply
woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Sun Jun 04, 2017 2:46 am

For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Specifically, did I redact the correct five items in my sample log file below in order to protect my privacy when posting log files online?

I just want to know what I need to REDACT in order to protect my privacy (e.g., my unique MAC address or my unique Internet IP address, etc.).

Here is a typical Windows log file created by sending a freely available vpngate free public VPN server *.ovpn config file to the Windows OpenVPN Daemon.

I redacted five items, but I only ask here whether I needed to redact only those five (more? fewer?) in order to protect my privacy.
The reason I ask is that I need to post some log files and I don't understand which line items I need to redact to protect my privacy.

Q: Did I redact the correct set of five privacy-related line items?
(Probably I redacted too many, but potentially I redacted too few - where it's highly unlikely I redacted just the correct amount.)

=========================================================================
Thu Jun 01 12:33:44 2017 OpenVPN 2.4.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on May 11 2017
Thu Jun 01 12:33:44 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Thu Jun 01 12:33:44 2017 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.10
Thu Jun 01 12:33:44 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Thu Jun 01 12:34:45 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]71.227.170.10:1232
Thu Jun 01 12:34:45 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Thu Jun 01 12:34:45 2017 UDP link local: (not bound)
Thu Jun 01 12:34:45 2017 UDP link remote: [AF_INET]71.227.170.10:1232
Thu Jun 01 12:34:45 2017 TLS: Initial packet from [AF_INET]71.227.170.10:1232, sid=[#1 of 5 REDACTED]
Thu Jun 01 12:34:45 2017 VERIFY OK: depth=2, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
Thu Jun 01 12:34:45 2017 VERIFY OK: depth=1, C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Domain Validation Secure Server CA
Thu Jun 01 12:34:45 2017 VERIFY OK: depth=0, OU=Domain Control Validated, OU=PositiveSSL Wildcard, CN=*.opengw.net
Thu Jun 01 12:34:45 2017 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Thu Jun 01 12:34:45 2017 [*.opengw.net] Peer Connection Initiated with [AF_INET]71.227.170.10:1232
Thu Jun 01 12:34:46 2017 SENT CONTROL [*.opengw.net]: 'PUSH_REQUEST' (status=1)
Thu Jun 01 12:34:47 2017 PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.1 10.211.1.2,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.2,redirect-gateway def1'
Thu Jun 01 12:34:47 2017 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 01 12:34:47 2017 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 01 12:34:47 2017 OPTIONS IMPORT: route options modified
Thu Jun 01 12:34:47 2017 OPTIONS IMPORT: route-related options modified
Thu Jun 01 12:34:47 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jun 01 12:34:47 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Jun 01 12:34:47 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 01 12:34:47 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Thu Jun 01 12:34:47 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jun 01 12:34:47 2017 interactive service msg_channel=0
Thu Jun 01 12:34:47 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 I=9 HWADDR=[#2 of 5 REDACTED]
Thu Jun 01 12:34:47 2017 open_tun
Thu Jun 01 12:34:47 2017 TAP-WIN32 device [Ethernet] opened: \\.\Global\{#3 of 5 REDACTED}.tap
Thu Jun 01 12:34:47 2017 TAP-Windows Driver Version 9.21
Thu Jun 01 12:34:47 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.1/255.255.255.252 on interface {#4 of 5 REDACTED} [DHCP-serv: 10.211.1.2, lease-time: 31536000]
Thu Jun 01 12:34:47 2017 Successful ARP Flush on interface [8] {#5 of 5 REDACTED}
Thu Jun 01 12:34:47 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Thu Jun 01 12:34:52 2017 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
Thu Jun 01 12:34:52 2017 C:\WINDOWS\system32\route.exe ADD 71.227.170.10 MASK 255.255.255.255 192.168.1.1
Thu Jun 01 12:34:52 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Jun 01 12:34:52 2017 Route addition via IPAPI succeeded [adaptive]
Thu Jun 01 12:34:52 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.2
Thu Jun 01 12:34:52 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Jun 01 12:34:52 2017 Route addition via IPAPI succeeded [adaptive]
Thu Jun 01 12:34:52 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.2
Thu Jun 01 12:34:52 2017 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=20 and dwForwardType=4
Thu Jun 01 12:34:52 2017 Route addition via IPAPI succeeded [adaptive]
Thu Jun 01 12:34:52 2017 Initialization Sequence Completed
=========================================================================

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by TinCanTech » Sun Jun 04, 2017 5:41 pm

The only thing that we prefer people to redact is their public IP addresses.

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Sun Jun 04, 2017 10:21 pm

TinCanTech wrote:The only thing that we prefer people to redact is their public IP addresses.
Thank you for that answer that you prefer the "public IP address" to be redacted.

I should note that I didn't BUILD my OpenVPN setup; all I do is doubleclick on *.ovpn files freely available on the net, and THAT alone puts me on VPN to the free public VPN servers (where I just want to maintain my privacy when posting logs for debugging on the net).

Given that all I do is doubleclick on the *.ovpn files to get on VPN, I'm no expert; hence, your answer confuses me because I know my public IP address in the use model of freely available public VPN OpenVPN service configuration files and my public IP address (given to me by my ISP) does NOT show up in any of my OpenVPN log files.

Maybe I missed something?
If you say I should redact my public IP address provided by my ISP, I'd be glad to redact that personal IP address - but I don't see it in any of my log files.
How did I miss it?

What I do see by way of IP addresses are the five lines 5, 8, 9, 14, & 35 of the log file which displays the IP address of the free public VPN server:
LINE 5: Preserving recently used remote address: [AF_INET]71.227.170.10:1232
LINE 8: UDP link remote: [AF_INET]71.227.170.10:1232
LINE 9: TLS: Initial packet from [AF_INET]71.227.170.10:1232, sid=[#1 of 5 REDACTED]
LINE 14: [*.opengw.net] Peer Connection Initiated with [AF_INET]71.227.170.10:1232
LINE 35: Thu Jun 01 12:34:52 2017 C:\WINDOWS\system32\route.exe ADD 71.227.170.10 MASK 255.255.255.255 192.168.1.1

And potentially these four lines:
LINE 16: PUSH: Received control message: 'PUSH_REPLY,ping 3,ping-restart 10,ifconfig 10.211.1.1 10.211.1.2,dhcp-option DNS 10.211.254.254,dhcp-option DNS 8.8.8.8,route-gateway 10.211.1.2,redirect-gateway def1'
LINE 31: Thu Jun 01 12:34:47 2017 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.211.1.1/255.255.255.252 on interface {#4 of 5 REDACTED} [DHCP-serv: 10.211.1.2, lease-time: 31536000]
LINE 38: Thu Jun 01 12:34:52 2017 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.211.1.2
LINE 41: Thu Jun 01 12:34:52 2017 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.211.1.2

Would you kindly clarify your response, as I'm trying to figure out which (if any, or all?) of these nine lines should be typically redacted when posting log files for debug purposes, in order to maintain a modicum of privacy.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by TinCanTech » Mon Jun 05, 2017 1:05 am

woodrock wrote:
TinCanTech wrote:The only thing that we prefer people to redact is their public IP addresses.
Thank you for that answer that you prefer the "public IP address" to be redacted.

Would you kindly clarify your response,
Do not post the IP address or DNS name of your own OpenVPN server.

woodrock wrote:as I'm trying to figure out which (if any, or all?) of these nine lines should be typically redacted when posting log files for debug purposes, in order to maintain a modicum of privacy.
Those are publicly accessible servers .. so nobody cares.

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Mon Jun 05, 2017 3:33 am

TinCanTech wrote:Do not post the IP address or DNS name of your own OpenVPN server.
I'm sorry if I wasn't clear that I'm not worried about the IP address of the public VPN server being shown (otherwise I would have redacted it).
The FOUR items I'm worried about are redacted in the screenshot below.
1. This is the MAC address, which is clearly a privacy issue for anyone who understands such things, so, I don't need any help on this item.
2. But what is this?
3. And this?
4. And this?
5. And this?
Image
TinCanTech wrote:Those are publicly accessible servers .. so nobody cares.
I apologize for not being crystal clear.
Let's forget about IP addresses, since we all agree that, in this case, the IP address is NOT a privacy issue.

There are FIVE things redacted in the original post and in the screenshot above.
Of those five things, clearly the MAC address is a privacy issue for anyone who understands such things (which I do).
But the other four things - I'm not sure WHAT they are.

Does anyone here know what those other four numbers indicate and are they a privacy issue when posting screenshots of log files?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by TinCanTech » Mon Jun 05, 2017 12:26 pm

woodrock wrote:2. But what is this?
sid = session id , no privacy concern
woodrock wrote:3. And this?
Tap adapter random Unique ID , no privacy concern
woodrock wrote:4. And this?
As 3
woodrock wrote:5. And this?
As 3

You can redact whatever you want but the only thing that is a real concern is the public IP of your server.
If you have a static public IP for your client you may also want to redact that.
And when posting your config files do not include the inline certs and keys.

Also, posting log files is preferred to screen shots ..

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Mon Jun 05, 2017 5:52 pm

TinCanTech wrote:sid = session id , no privacy concern
Thank you for explaining the "sid" is a "session id".

Bear in mind I just download and doubleclick on OpenVPN config files so I have never set up a server myself, where most of these "issues" would probably have come up.

So may I ask to clarify WHO creates that sid?
Is that "sid" generated by OpenVPN software?
Or is that "sid" provided by the VPN server?
TinCanTech wrote:Tap adapter random Unique ID , no privacy concern
Thanks for explaining that the Tap Adaptor has a 'random unique id', which is an odd set of words in that nothing is random because randomness requires a seed, and a unique id can't be random anyway if it's repeated twice.

So to clarify, may I ask WHO creates that "random and yet unique id"?
Does Windows create that Tap Adapter ID?
Or does the OpenVPN software create the Tap Adaptor ID?
TinCanTech wrote:You can redact whatever you want but the only thing that is a real concern is the public IP of your server.
I agree that the IP address of your own VPN server would be something to be redacted.

So should the unique MAC address of your router (unless it's spoofed randomly), particularly since your WiFI MAC address (BSSID) is already very likely on a public database (along with signal strength and GPS coordinates) due to badly configured Android phones (and maybe even Windows 10 computers) [even if your SSID is either set to be hidden or if you have _nomac & _optout in the SSID].
TinCanTech wrote:If you have a static public IP for your client you may also want to redact that.
Thanks for pointing out that the client computer might have a static public IP address.
In my case, it's a local subnet of 192.168.1.x so that's not of concern from a privacy standpoint.
TinCanTech wrote:And when posting your config files do not include the inline certs and keys.
Oh? I see. If I rolled my own VPN server, that would be critical. Thanks.

Does that certs-and-keys warning apply in my case with freely available public VPN servers though?
TinCanTech wrote:Also, posting log files is preferred to screen shots ..
OK. Thanks. I can put the log flies inside of CODE tags.

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Tue Jun 06, 2017 4:21 am

I ran a few sessions connecting to a variety of VPN servers to obtain test logs for this issue, where I can concur with Mr. TinCanTech that the Session ID changes with each session.

Searching for "session id" and "sid=" with "OpenVPN" gets nothing useful, as it finds a million posted log files, but no description of who creates that session id (either the local Windows machine, or the remote VPN server) and what it's used for.

The "best" (which isn't very useful) documentation I could find (so far) on how the OpenVPN session ID is created is found here.
Image

From that, I am guessing that the session id is GENERATED by OpenVPN in the procedure located at:
/root/openvpn/source/openvpn/session/session_id.h

So my assumption is that this session_id is created by OpenVPN for only OpenVPN purposes, and that this session_id is NOT sent out on the net (e.g., to the VPN server) but that this session_id stays on the local machine.

Is that assumption that the session ID never leaves the local network correct?

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Tue Jun 06, 2017 5:10 am

Regarding the TAP ADAPTER metadata, it's similarly difficult to find any decent OpenVPN documentation on this item.

I ran a few tests where the TAP ADAPTER seems to remain static no matter how many VPN sessions I run, and where the unique TAP ADAPTER ID for your machine survived reboots, just like a social security number for your machine.

The best documentation I could find on how this OpenVPN Windows tap adapter unique ID is created is over here.
Image

There was also a complex Windows registry script to ad-hoc rename the tap adapter so that it doesn't always uniquely identify your machine:
Image

Where the renaming process seems to be horrifically complex (IMHO) for a simple user who just wants basic privacy:
Image

What seems clear is that the tap adapter is static (bad for privacy), and it uniquely identifies your machine (bad for privacy) and that it contains a MAC address (bad for privacy) which can be seen by the following on Windows:
Start > Run > cmd > ipconfig /all

This tap adapter "Physical Address" (aka MAC address) can also be found in Windows by the GUI:
a. Open "Network Connections"
b. Right click on the tap adapter "Local Area Connection"
c. Select "Status > Support > Details" and that will output the tap adapter "Physical Address" (aka it's unique MAC address)

In summary, this unique tap adapter metadata seems like a far more sinister privacy leak in posted log files, as it seems to uniquely identify your specific Windows machine (just like how a SSN uniquely identifies you), even down to including your unique "Physical Address" for your tap adapter.

Hence, IMHO, this meta data MUST be redacted out of every posted log file if you care about privacy.

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by TinCanTech » Tue Jun 06, 2017 10:20 am

woodrock wrote:In summary, this unique tap adapter metadata seems like a far more sinister privacy leak in posted log files, as it seems to uniquely identify your specific Windows machine (just like how a SSN uniquely identifies you), even down to including your unique "Physical Address" for your tap adapter.
We already know it is you because you post under the same name .: you have been identified.

The reason to redact your public IP addresses is because that does present an attack vector.
If I know your addresses and they are fixed, or at least still the same, then I can attack you directly.

The UID of the TAP adapter presents no inherent risk, and for your peace of mind:
A server never knows the UID of the Windows TAP adapter.

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Tue Jun 06, 2017 1:50 pm

TinCanTech wrote:If I know your addresses and they are fixed, or at least still the same, then I can attack you directly.
Thank you Mr. TimCanTech for clarifying for me (and for everyone who reads this, which is the overarching goal) better understand what needs to be redacted out of OpenVPN log files.

For a home setup, I completely agree with you that the VPN server IP address on a typical non-public setup represents a static attack vector INTO your very home.

But there are TWO different dangers, both of which I am considering:
  • PHYSICAL DATA (e.g., John Doe, 100 Main Street, Anytown USA)
    META DATA (e.g., PHONE +1-201-555-1212, SSN 123-45-6789, ZIP 12345)
While I'm obviously worried about the PHYSICAL DATA, my question is almost completely about the META DATA.
TinCanTech wrote:We already know it is you because you post under the same name .: you have been identified.
The meta-data problem is bigger (far, far, far bigger) than posting a unique number (such as a SSN) to this web site.
The problem of meta data is REALLY BIG simply because that meta data transcends this one web site.

As just one example which might not apply here completely, every Access Point BSSID (aka MAC address) of your home SOHO router is ALREADY on a publicly available database at this very moment, if you live in the United States. Not only is your MAC address permanently stored on that Google public database, but so is the signal strength and GPS location of your very home stored along with that MAC address.

Google insists that's only "meta data" (as if meta data isn't "real data"), and you can't do ANYTHING about it because almost every Android phone uploads this information to Google as they drive by your house. This is a fact, which can (easily) be abused by others, and which Google has scant protections against abuse (which we can discuss separately if you like, as I know that problem rather well).

My only point is that meta data is real data, which transcends one web site.
So any data in the log file that is STATIC (bad!) and UNIQUE (bad) to you, is very bad meta data indeed!

As just one contrived example using the unique (bad) static (bad) Tap Identifier:
  • a. What if I post a log to you here, from my employer's PC, using "woodrock" as my moniker,
    b. And then, two years later, what if I post to the Usenet a different log file, using "rockwood" as my nym,
    c. Now my employer, who owns the PC, can trivially easily connect the two posts, years apart, to the same machine (bad!)
    d. Even worse, ANYONE on the planet can connect those two posts, years apart, as having come from the same machine! (really bad!)

    That's just a quickly contrived example, but don't think for a moment that EVERY data aggregator on the planet doesn't know the power of meta data.
    Also keep in mind that VPN is all about protection, so, why give away the farm in every post?
    TinCanTech wrote:A server never knows the UID of the Windows TAP adapter.
    This is a great point you bring up that we need to worry about what the SERVER knows, because part of protection, especially in my case where I use a free public VPN server.

    What this thread is about is what data is inside the log file that (should or must) be redacted to maintain a modicum of privacy.

    To that end, how is this summary for me, and for anyone reading this in the future?
    (Assumption = Simple typical home setup of SOHO router, Windows PC, Ethernet connection, & a public or private VPN server.)
    But there are TWO different dangers, both of which I am considering:
    • CRITICAL PHYSICAL DATA (e.g., John Doe, 100 Main Street, Anytown USA)
      1. The IP address & port of the VPN server
        The certificate information (I'm not sure which lines in the log file contain this information though)
      CRITICAL META DATA (e.g., PHONE +1-201-555-1212, SSN 123-45-6789, ZIP 12345)
      1. The unique and static (both bad) MAC address of your PC Ethernet port
        The unique and static (both bad) address of your Tap Adapter.
      1. FAR LESS IMPORTANT META DATA (because it is not unique nor as static)
        The operating system and version (this shouldn't generally be much of a problem)
        The OpenVPN software version (this shouldn't generally be much of a problem though)
        The date & time (this can identify a single person if enough other meta data is provided)
        The router IP address and netmask (this could be unusual, for example, like 10.20.30.40/24 or whatever)
        The type of encryption used
        The DNS server used while in the VPN tunnel
Is that a decent summary of what type of data and meta data should be considered for redaction in posted log files?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by TinCanTech » Tue Jun 06, 2017 2:33 pm

woodrock wrote:Google insists that's only "meta data" (as if meta data isn't "real data"), and you can't do ANYTHING about it because almost every Android phone uploads this information to Google as they drive by your house. This is a fact, which can (easily) be abused by others, and which Google has scant protections against abuse (which we can discuss separately if you like, as I know that problem rather well).
Off-Topic would be the place to start this ;)


With regard to your summary:
woodrock wrote:To that end, how is this summary for me, and for anyone reading this in the future?
(Assumption = Simple typical home setup of SOHO router, Windows PC, Ethernet connection, & a public or private VPN server.)
But there are TWO different dangers, both of which I am considering:
  • CRITICAL PHYSICAL DATA (e.g., John Doe, 100 Main Street, Anytown USA)
    1. The IP address & port of the VPN server
      The certificate information (I'm not sure which lines in the log file contain this information though)
    CRITICAL META DATA (e.g., PHONE +1-201-555-1212, SSN 123-45-6789, ZIP 12345)
    1. The unique and static (both bad) MAC address of your PC Ethernet port
      The unique and static (both bad) address of your Tap Adapter.
    1. FAR LESS IMPORTANT META DATA (because it is not unique nor as static)
      The operating system and version (this shouldn't generally be much of a problem)
      The OpenVPN software version (this shouldn't generally be much of a problem though)
      The date & time (this can identify a single person if enough other meta data is provided)
      The router IP address and netmask (this could be unusual, for example, like 10.20.30.40/24 or whatever)
      The type of encryption used
      The DNS server used while in the VPN tunnel
Please redact these:
  • The IP address & port of the VPN server
  • The certificate information (I'm not sure which lines in the log file contain this information though)
    If this information were required it can be done in ways so as not to leave the data public.
Please do not redact these (but the final decision is down to each individual who posts).
  • The operating system and version (this shouldn't generally be much of a problem)
    almost always required.
  • The OpenVPN software version (this shouldn't generally be much of a problem though)
    almost always required.
  • The date & time (this can identify a single person if enough other meta data is provided)
    Preferred and almost always required.
  • The router IP address and netmask (this could be unusual, for example, like 10.20.30.40/24 or whatever)
    Preferred and almost always required.
  • The type of encryption used
    The error messages in the log will usually indicate if some form of encryption is the problem.
    Required or not by individual case.
  • The DNS server used while in the VPN tunnel
    Required more often than you would imagine, usually when people set DNS to thier server IP
    but their server does not have any DNS solution.
One final note:
  • Provided people do not abuse them, moderators are available to redact private data that is accidentally posted. In fact, moderators will often remove private data before posters even realise their mistake. If you do post something which you are later uncomfortable with you can report your post and a moderator will review your request. And bare (or is that bear) in mind, this is a luxury not afforded on the mailing list :geek:

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Tue Jun 06, 2017 5:02 pm

TinCanTech wrote:Off-Topic would be the place to start this
Understood.
My main point was only to underscore that meta data is data too.
Meta data just takes multiple instances to be correlated directly to you.

As an example, I could post my SSN or my Drivers License and it wouldn't mean much all by itself.
But correlated with other data, it could pinpoint me.

Which is why any data in the log file that is static (bad) and unique (even worse) at the same time, is a threat to privacy.

For example: The "sid" session id, seems to be dynamic, so it doesn't seem to be a threat (thanks for pointing that out).
And yet, the Tap Adapter ID is static and unique to your machine and worse, it contains your MAC address, all of which is bad news for privacy.
And worse, the VPN Server IP address is static.

So, in a way, the analogy of the meta data in the log file is sort of like this:
a. sid = just a thowaway number (I think, based on what you told me)
b. Ethernet port MAC Address = worse since it's sort of like a Social Security Number, unique to your Ethernet port
c. Tap Adapter ID = even worse since it's sort of like a Drivers License with birth-date information encoded in the number (in this case, it's a different MAC address which is also encoded into the Tap Adapter ID).
TinCanTech wrote: Please redact these:
  • The IP address & port of the VPN server
  • The certificate information
Thank for confirming that the two most important pieces of privacy DATA in a log file are:
a. The server IP address
b. The certificates
TinCanTech wrote: Please do not redact these
  • The operating system
  • The OpenVPN version
  • The date & time
  • The router IP address and netmask
  • The type of encryption used
  • The DNS server used while in the VPN tunnel
[/list]
Thank you for that interesting assessment, which I appreciate that you provided the detail as to why.
I can easily agree with you on all of them since they're all "weakly correlated" meta data anyway, so they almost certainly provide more value in a log file than they take away in privacy.
TinCanTech wrote: In fact, moderators will often remove private data before posters even realise their mistake
This is good to know.

I think it's VERY IMPORTANT to also note that the Ethernet port MAC address is unique (unless spoofed) and static so it should always be redacted (IMHO) from all openvpn log files posted to the net (plus, it reveals the manufacturer of your Ethernet card).

That MAC address has two parts, as I'm sure you know, where the first half is the manufacturer and the second half is a unique identifier.
Almost never would the first part be useful in a log file, and certainly the second part would (almost certainly) never be useful in a log file.

So there's some potential harm with absolutely no upside benefit (IMHO) in posting our static (bad) and unique (even worse) Ethernet port MAC address in every log file.

The argument for the TAP Adapter is somewhat similar because there is a unique and static MAC address in the first part of that Tap Adapter, and, again, there's no value to the people reading the log file.

So what I will redact (or spoof), in the future is:
1. The VPN Server (if it's my own server) and port.
2. The certificates (if it's my own server)
3. The Ethernet port Mac address (since it gives away the manufacturer and since it's unique to my machine and since it provides no value to the reader anyway)
4. The Tap Adapter ID (since it contains a MAC address and since it is unique to my machine and since it provides no value anyway)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by TinCanTech » Tue Jun 06, 2017 5:38 pm

If your paranoia is over powering you .. then do this:
  • Open your log file in you favourite text editor and replace all those things you want to hide.
    At least if you replace each string you want to hide with another suitable string all at once
    the log will still maintain it's value for debugging.

    Example: Your private server LAN IP "192.168.7.2" replace with "192.168.SRV.IP"
The same goes for all your other concerns.

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Tue Jun 06, 2017 6:10 pm

TinCanTech wrote:If your paranoia is over powering you .. then do this:
Thank you for that kind advice.
We have to always keep in mind that VPN is all about privacy.

I took your suggestion completely to heart, and immediately implemented your suggestion, just now, over here:
- Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn config files

User avatar
Pippin
Forum Team
Posts: 1201
Joined: Wed Jul 01, 2015 8:03 am
Location: irc://irc.libera.chat:6697/openvpn

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by Pippin » Tue Jun 06, 2017 6:35 pm

We have to always keep in mind that VPN is all about privacy
Did this recently change?

To my knowledge, OpenVPN is about securing data transferred between endpoints over a unsecure channel.
That`s a bit different then all about privacy....isn`t it?
;)

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by TinCanTech » Tue Jun 06, 2017 7:15 pm

Pippin wrote:To my knowledge, OpenVPN is about securing data transferred between endpoints over a unsecure channel.
That`s a bit different then all about privacy....isn`t it?
Agreed.
woodrock wrote:
TinCanTech wrote:If your paranoia is over powering you .. then do this:
Thank you for that kind advice.
We have to always keep in mind that VPN is all about privacy.

I took your suggestion completely to heart, and immediately implemented your suggestion, just now, over here:
- Tutorial to set up Windows 10 OpenVPN client to work on HUNDREDS of sometimes unreliable freely available openvpn config files
Looks like you left the logs (x4) completely intact to me ? (Which is not really a problem as I have explained)

woodrock
OpenVPN User
Posts: 37
Joined: Sun Jun 04, 2017 1:59 am

Re: For privacy, what should I redact when I post OpenVPN Daemon log files from Windows?

Post by woodrock » Tue Jun 06, 2017 8:57 pm

Pippin wrote:OpenVPN is about securing data transferred between endpoints over a unsecure channel.
This is a good point where I thank you for catching that I sometimes forget people actually use OpenVPN for "security".
I think you feel VPN is all about security because you are probably used to dealing with IT networking professionals, and not home-owner laypeople of the sort that I am.

On a static IP address Corporate or Home-Built VPN server, then, of course, it's not going to be so much about privacy, but about data security.

I use VPN mostly to change my IP address on demand, and to hide my activities from large accumulators across the net (e,g., facebook, google, amazon, the government, my employer, etc.).

To understand why VPN is about privacy, you have to think about the other half of the OpenVPN users out there who use it for privacy.
a. Privacy from the ISP
b. Privacy from the snooping eyes of the government (and anyone else with nefarious purposes and a lot of money)
c. Privacy from snooping meta-data collectors such as Google and their ilk
d. Even privacy from web sites such as this very OpenVPN web site (and the Usenet, and any other "forum").

Notice that the web administrators of this forum have no idea what my IP address is.
Why is that?

Because I'm never NOT on VPN, and I change my IP address perhaps fifty times a day (which is why my use model must be push-button efficient!).

VPN is not just about security.
If you use freely available public VPN servers - then it can certainly be ALL about privacy since security isn't the goal in that case.

In fact, here's a verbatim quote from vpngate.net which is where I get most of my free public VPN configuration files.
You can disguise your IP address to hide your identity while surfing the Internet.
You see? They know it. I know it.
VPN is not only about security.
In fact,for my extremely simple use model, VPN has (almost) nothing to do with security and all to do with privacy.
TinCanTech wrote:Agreed.
Nothing wrong with thinking that VPN is "only" about security, but that's sort of like thinking that a chainsaw is only for cutting down trees, and not for cutting lumber to size for personal use.

In my use model (which was described here in detail), I keep a directory filled with VPN config files for every "task" that I do on the net.
1. If task A is "gmail", then I have a freely available public VPN configuration file in directory A only for use with Gmail.
2. If task B is "OpenVPN.net", then I have a freely available public VPN config file in directory B only for use with OpenVPN.net.
3. If task C is "Usenet", then I have a freely available public VPN config file in directory C only for use with Usenet.

I never mix them.
That's to keep my meta data private from cross-domain accumulators.
(I realize I need further encryption to keep the meta data private from the VPN servers themselves; but that's a different problem set.)

In practice, since freely available public VPN files are flaky, each directory can contain hundreds of unique VPN files, where I order them in a certain repeatable sequence so that the first working file is what OpenVPN uses, but that's a technicality on the privacy issue.
TinCanTech wrote:Looks like you left the logs (x4) completely intact to me ? (Which is not really a problem as I have explained)
Naaah. I just fooled you by using sed/awk/grep to modify the files so that the privacy metadata was actually spoofed.
It's zero problem to spoof the metadata.

My problem, initially, was RECOGNIZING what each piece of meta data was.

Thank you for helping me, which will help others, in the future (which is alway the overarching goal and which is why I ask questions that typically have never been asked before but which are important to know the answers to).

Thank you for all your wonderful help!
Much appreciated!

Post Reply