1. If a hacker has access to your OpenVPN security certificates and configuration file, can they decrypt your internet traffic/tunnel from a remote computer?
The reason I asked is that I recently moved to a new Linux system with OpenVPN running "AES-256 encryption, secret key exchange, 8K PGP certificates, pre-shared key exchange and CBC replay protection". However, when the certificates were sent to me via email, it was on an insecure, most likely hacked computer/internet connection. I am still using the same WLAN internet connection now with the new Linux system/VPN. Is my traffic and data still at risk?
Other question:
2. Is there a way someone can crack into your computer through the VPN tunnel? Meaning it opens a tunnel into your computer, so can that be a security risk in itself?
Thanks all for any help
openvpn security questions
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
Re: openvpn security questions
@1: It's quite hard to decrypt an existing tunnel if your private keys are compromised; however, it will become very easy for an attacker to set up a connection of his/her own.
@2: The downside of a VPN tunnel is that you're (usually) digging through all firewalls. That means, if a hacker can set up a tunnel, he/she can attack all machines connected to the tunnel, including your VPN client.
-
- OpenVpn Newbie
- Posts: 2
- Joined: Thu Sep 06, 2012 10:34 pm
Re: openvpn security questions
janjust wrote: @1: it's quite hard to decrypt an existing tunnel if your private keys are compromised; however, it will become very easy for an attacker to set up a connection of his/her own.
I thought the vpn server would only allow one connection per key/authentication credential. So you are basically saying that an attacker can take my private key, set up their own vpn connection to my server and see my traffic that way?
When the keys/credentials were emailed to me it was on an insecure connection so someone could likely have access to those keys I am now using for my vpn authentication. For various reasons I do not feel the vpn tunnel I mentioned is currently protecting my data/traffic as it should and I am trying to figure out why and how since the encryption and authentication process seems to be very strong.
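A server-side check for the concern raised in this thread (someone else connecting with a copied client key), as an added example that is not part of the original posts: it scans OpenVPN server log lines for a certificate common name that reconnects from a different source IP within a short window. The log line shape (ctime timestamp plus the "Peer Connection Initiated" message), the client names and the addresses are assumptions constructed for the example.

```python
import re
from datetime import datetime

# Assumed line shape, modelled on OpenVPN's "Peer Connection Initiated" server
# message with a ctime-style timestamp; adjust the pattern to your own log.
LINE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
    r".*\[(?P<cn>[^\]]+)\] Peer Connection Initiated with "
    r"(?:\[AF_INET\])?(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\s*$"
)

# Constructed sample log: documentation-range IPs, hypothetical client names.
SAMPLE_LOG = """\
Thu Sep  6 22:40:01 2012 198.51.100.7:51234 [laptop] Peer Connection Initiated with [AF_INET]198.51.100.7:51234
Thu Sep  6 22:41:10 2012 192.0.2.44:40112 [phone] Peer Connection Initiated with [AF_INET]192.0.2.44:40112
Thu Sep  6 22:43:30 2012 203.0.113.9:60001 [laptop] Peer Connection Initiated with [AF_INET]203.0.113.9:60001
Thu Sep  6 22:44:02 2012 198.51.100.7:51300 [laptop] Peer Connection Initiated with [AF_INET]198.51.100.7:51300
Fri Sep  7 09:15:00 2012 192.0.2.80:40500 [phone] Peer Connection Initiated with [AF_INET]192.0.2.80:40500
"""


def find_ip_flips(lines, window_seconds=600):
    """Return (cn, previous_ip, new_ip, seconds_apart) for every time a common
    name connects from a different IP within window_seconds of its last one."""
    last_seen = {}  # cn -> (timestamp, source ip) of the most recent connection
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a connection-initiated line
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        cn, ip = m["cn"], m["ip"]
        if cn in last_seen:
            prev_when, prev_ip = last_seen[cn]
            gap = int((when - prev_when).total_seconds())
            # Without --duplicate-cn a new session for a CN replaces the old
            # one, so two holders of one key show up as rapid IP flips.
            if ip != prev_ip and 0 <= gap <= window_seconds:
                alerts.append((cn, prev_ip, ip, gap))
        last_seen[cn] = (when, ip)
    return alerts


if __name__ == "__main__":
    for cn, old, new, gap in find_ip_flips(SAMPLE_LOG.splitlines()):
        print(f"{cn}: {old} -> {new} after {gap}s")
```

A roaming client that changes networks produces the same pattern, so a hit is a lead to verify against where the legitimate client actually was, not proof of key theft.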