OpenVPN with shared key encryption process
Posted: Sat Mar 16, 2013 10:31 am
by sicfaith
Hi, can someone explain to me from the beginning how the data encryption process of an OpenVPN tunnel using a shared key works? In other words, how does the data get encrypted and decrypted when using a shared key for a site-to-site tunnel?
Re: OpenVPN with shared key encryption process
Posted: Sun Mar 17, 2013 8:51 am
by mwandelaar
There's been a discussion some time ago about this question:
Topic 12275: SSL Tunneling, where the topic starter and I tried to explain what happens when packets travel through the stack.
Hope this answers your question.
Re: OpenVPN with shared key encryption process
Posted: Mon Mar 18, 2013 8:12 am
by sicfaith
Thanks for the reply, mwandelaar. What I don't understand is: when a shared key is being used, who/what is responsible for the encryption/decryption of the data? Does the TUN/TAP driver take the data and use the cryptographic libraries of SSL/TLS to encrypt them?
Re: OpenVPN with shared key encryption process
Posted: Mon Mar 25, 2013 7:41 pm
by mwandelaar
That's the way it works.
As the TUN/TAP interface is a "cleartext" interface (any application can talk to it, i.e. Firefox doesn't need anything special to do so), packets are picked up by the virtual interface and fed through the application responsible for this virtual interface.
This is where OpenVPN does its job and gets the IP or Ethernet packet, depending on the type of tunneling. It encrypts it either using the session key derived from the certificates or using the static key and sends it to the other side, where the other side does the work the other way around.
The crypto suite is defined in the config, and if not, the application default is used.
To be really honest, I don't have the topology of the source code of OpenVPN clear, but this is the way it should work.
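The packet flow described in the thread, as an added example written for this page (it is not code from OpenVPN and not posted by anyone in the thread): a plaintext packet read from the TUN/TAP device is handed to the userspace OpenVPN process, which protects it with keys taken from the static key file and emits a payload for the UDP socket; the peer verifies and decrypts in the reverse order. The key-file markers and the slot layout (two cipher/HMAC key pairs of 64 bytes each, selected by the `direction` argument of `--secret`) follow OpenVPN's format, but are assumptions here rather than something the thread states; the HMAC-SHA256-based stream cipher is a standard-library stand-in for the real configured cipher (AES-CBC by default in that era), used only so the example runs without third-party libraries. Everything else, including the key material and the sample packet, is constructed.

```python
"""Simplified model of OpenVPN static-key (pre-shared key) packet handling.

Added example for the thread above; not OpenVPN's own code. The toy cipher is a
stand-in for the real block cipher, and the key-slot layout is an assumption.
"""
import hashlib
import hmac
import os
import struct
import time

KEY_FILE_BEGIN = "-----BEGIN OpenVPN Static key V1-----"
KEY_FILE_END = "-----END OpenVPN Static key V1-----"


def make_constructed_key_text() -> str:
    """Constructed stand-in for a file made by `openvpn --genkey --secret`.

    A real file holds 256 random bytes as hex; here the bytes are derived from a
    fixed seed so the example is deterministic (never use such a key for real).
    """
    raw = b"".join(hashlib.sha256(b"constructed-example-%d" % i).digest() for i in range(8))
    lines = [raw[i:i + 16].hex() for i in range(0, len(raw), 16)]
    return "\n".join([KEY_FILE_BEGIN, *lines, KEY_FILE_END, ""])


def parse_static_key(text: str) -> bytes:
    """Return the 256 raw key bytes found between the BEGIN/END markers."""
    inside, hex_lines = False, []
    for line in text.splitlines():
        line = line.strip()
        if line == KEY_FILE_BEGIN:
            inside = True
            continue
        if line == KEY_FILE_END:
            break
        if inside and line and not line.startswith("#"):
            hex_lines.append(line)
    raw = bytes.fromhex("".join(hex_lines))
    if len(raw) != 256:
        raise ValueError("static key must decode to 256 bytes, got %d" % len(raw))
    return raw


def select_keys(raw: bytes, direction):
    """Pick (encrypt, decrypt) key pairs from the file, each pair = (cipher key, hmac key).

    Assumed slot layout: [cipher0 | hmac0 | cipher1 | hmac1], 64 bytes each.
    direction 0 encrypts with slot 0 and decrypts with slot 1, direction 1 the
    reverse; with no direction both peers use slot 0 in both directions.
    """
    slots = [(raw[0:64], raw[64:128]), (raw[128:192], raw[192:256])]
    if direction is None:
        return slots[0], slots[0]
    return (slots[0], slots[1]) if direction == 0 else (slots[1], slots[0])


def _xor_keystream(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with HMAC-SHA256(key, iv || counter) blocks.
    Stand-in for the real cipher; the structure (IV + symmetric key) is the point."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + struct.pack(">I", counter), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class StaticKeyPeer:
    """One OpenVPN endpoint in static-key mode, sitting between TUN/TAP and UDP."""

    def __init__(self, key_text: str, direction):
        raw = parse_static_key(key_text)
        (self.enc_cipher, self.enc_hmac), (self.dec_cipher, self.dec_hmac) = select_keys(raw, direction)
        self.next_seq = 1        # outgoing packet-id counter
        self.highest_seen = 0    # incoming packet-id high-water mark for replay rejection

    def encapsulate(self, ip_packet: bytes) -> bytes:
        """Packet read from TUN/TAP -> protected UDP payload: tag || iv || ciphertext."""
        header = struct.pack(">II", self.next_seq, int(time.time()))  # packet-id + timestamp
        self.next_seq += 1
        iv = os.urandom(16)
        ciphertext = _xor_keystream(self.enc_cipher[:32], iv, header + ip_packet)
        tag = hmac.new(self.enc_hmac[:32], iv + ciphertext, hashlib.sha256).digest()
        return tag + iv + ciphertext

    def decapsulate(self, wire: bytes):
        """UDP payload -> packet to write to TUN/TAP; None when the packet is rejected.
        Order matters: authenticate first, decrypt second, replay-check third."""
        if len(wire) < 32 + 16 + 8:
            return None
        tag, iv, ciphertext = wire[:32], wire[32:48], wire[48:]
        expected = hmac.new(self.dec_hmac[:32], iv + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # wrong key, wrong direction, or tampered bytes
        plaintext = _xor_keystream(self.dec_cipher[:32], iv, ciphertext)
        seq, _timestamp = struct.unpack(">II", plaintext[:8])
        if seq <= self.highest_seen:
            return None  # replayed or reordered packet-id
        self.highest_seen = seq
        return plaintext[8:]


if __name__ == "__main__":
    key = make_constructed_key_text()
    site_a, site_b = StaticKeyPeer(key, 0), StaticKeyPeer(key, 1)
    packet = b"\x45\x00\x00\x14" + b"constructed-ip-payload"  # constructed, not a valid datagram
    print(site_b.decapsulate(site_a.encapsulate(packet)) == packet)  # True
```

The two sites must be configured with opposite `direction` values (or both with none) for the HMAC check to pass, which is why a mismatched `--secret file 0`/`--secret file 0` pair silently drops every packet in real deployments; the same check is what rejects bit-flipped packets before any decryption happens.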