Hey there,
This isn't so much of a help question but more of a check to make sure OpenVPN works how I think it works. So here goes:
A packet is sent from your local computer to the server hosting OpenVPN. This contains metadata only really revealing to someone watching, say an ISP, that it's going to the server. The actual content is encrypted and useless to anyone watching (assuming everything is properly configured and only the right people have the keys and such). However, when it gets to the server the content is unencrypted and turns out to be a second packet, containing metadata and content, that is then sent out to the internet unencrypted. The result is that the only information able to be gathered by observing the connection between the local computer and the server is information on the server and not information on the content of the connection.
So how close am I? If I'm way off, what can I do to make the above happen?
Thanks
End to end encryption.
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Re: End to end encryption.
Your observation is correct: an eavesdropper can only tell that you are talking to the OpenVPN server, not what you are saying, i.e. it is not possible to see what your *real* destination is.
-
- OpenVpn Newbie
- Posts: 10
- Joined: Mon Dec 05, 2011 4:29 am
Re: End to end encryption.
Thanks, does this include all traffic? For example, if I'm connected to an OpenVPN server, will (S)FTP(S) traffic from that same server be encrypted?
-
- OpenVpn Newbie
- Posts: 9
- Joined: Thu Dec 22, 2011 8:28 pm
Re: End to end encryption.
It can, if you want it to do so. You will want to modify your routing tables so that the traffic for any specific content is routed through the OpenVPN connection. This can be done via --push "route" directives on the OpenVPN server. There are also --redirect-gateway and --redirect-private directives which are experimental "forward everything" commands.
Otherwise, the specifics of how really depend on your OS: you need the proper routes set, and, for example, in Windows you need to set your virtual interface at a higher priority than your other interfaces via Advanced adapter settings. There should be information specifically on how to do this for your situation.
Check out:
http://openvpn.net/index.php/open-sourc ... l#redirect
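Added example (not part of the original posts and not OpenVPN code): a simplified model of a client routing table that shows which destinations leave through the tunnel with a pushed route versus `redirect-gateway def1`, including the host route that keeps traffic to the server's public address outside the tunnel. All addresses, the interface names `eth0`/`tun0` and the function names are assumptions; real tables also carry gateways and metrics, which are omitted here.

```python
import ipaddress

# Constructed routing tables using documentation address ranges.
# Assumed: VPN subnet 10.8.0.0/24 on tun0, server public IP 203.0.113.10,
# physical uplink on eth0. Each entry is (prefix, egress device).
BASE = [
    ("0.0.0.0/0", "eth0"),       # original default route
    ("192.168.1.0/24", "eth0"),  # local LAN
    ("10.8.0.0/24", "tun0"),     # the VPN subnet itself
]

# Client table after the server sends: push "route 198.51.100.0 255.255.255.0"
SPLIT = BASE + [("198.51.100.0/24", "tun0")]

# Client table after: push "redirect-gateway def1"
FULL = BASE + [
    ("0.0.0.0/1", "tun0"),        # def1 covers all of IPv4 with two /1 routes,
    ("128.0.0.0/1", "tun0"),      # which beat the /0 default without deleting it
    ("203.0.113.10/32", "eth0"),  # host route so the tunnel's own packets reach the server
]

def egress(table, dest):
    """Return the device chosen by longest-prefix match for dest."""
    addr = ipaddress.ip_address(dest)
    hits = [(ipaddress.ip_network(net), dev) for net, dev in table
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

# Constructed destinations, including the SFTP case asked about in the thread.
DESTS = {
    "sftp to server public IP": "203.0.113.10",
    "sftp to server VPN IP": "10.8.0.1",
    "host in pushed subnet": "198.51.100.7",
    "arbitrary internet host": "192.0.2.50",
}

def audit(table):
    """Map each sample destination to the device it would leave through."""
    return {name: egress(table, ip) for name, ip in DESTS.items()}

if __name__ == "__main__":
    for label, table in (("split", SPLIT), ("full", FULL)):
        for name, dev in audit(table).items():
            print(f"{label:5} {name:26} -> {dev}")
```

In this model a service on the VPN server is only reached through the tunnel when it is addressed by the server's VPN address; a connection to the server's public address follows the host route over `eth0` and relies on its own encryption.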