OpenVPN proxy detect

Hi,

I'm wondering if it is possible to detect a OpenVPN session if it is
used through a proxy ?

Thanks!

(E-Mail Removed) wrote:
> Hi,
>
> I'm wondering if it is possible to detect a OpenVPN session if it is
> used through a proxy ?

Do you mean: Can the corporate/university net admin detect
an OpenVPN session?

If yes: It depends on the transport used for the outside of
the tunnel. A proxy will usually understand the protocol
being forwarded, so it can see that there are encrypted
packets both ways. If the admin does not have the VPN
connection keys, he's not able to decode what is being
transferred.

So: It's pretty easy to detect that there is an encrypted
transmission, but it's far from easy to see inside it.

--

Tauno Voipio
tauno voipio (at) iki fi

Hi,

thanks for the answering.
Could you explain what you mean by the "protocol" being forwarded ?
Is there a difference using Openvpn or connecting to a SSL encrypted
home page from the proxy point of view ?

(E-Mail Removed) wrote:
> Hi,
>
> thanks for the answering.
> Could you explain what you mean by the "protocol" being forwarded ?
> Is there a difference using Openvpn or connecting to a SSL encrypted
> home page from the proxy point of view ?

A proxy is a transport level forwarder, so it works on
UDP or TCP level. A HTTP proxy is an example. It knows
how HTTP requests and responses are formatted and transferred
on the underlying TCP connection.

Which kind of proxy are you thinking about?

There is a mode for HTTP over SSL where the proxy
is practically bypassed for the encrypted traffic.

For details, Google for HTTPS proxy, or also 'corkscrew'.

If the encryption is made correctly, a proxy cannot decode
either SSL or OpenVPN (which may be running on SSL or
another encryption, e.g. Blowfish with a shared key).

--

Tauno Voipio
tauno voipio (at) iki fi

> A proxy is a transport level forwarder, so it works on
> UDP or TCP level. A HTTP proxy is an example. It knows
> how HTTP requests and responses are formatted and transferred
> on the underlying TCP connection.
>
> Which kind of proxy are you thinking about?

Isn't the job of a proxy to make the connection for you then
redirect the data to the source ? I'm talking about a HTTP
proxy.

OpenVPN has a parameter which enables you to connect using
a proxy. I guess this can be used to connect through HTTP proxy ?
That is my question. Will this openvpn connect be any different
compared
connecting to a secure site using certificates ? Can you somehow look
at the TCP packets and say "Ah, this is a Openvpn stream" ?

Thanks,
Phyz

(E-Mail Removed) wrote:
>>A proxy is a transport level forwarder, so it works on
>>UDP or TCP level. A HTTP proxy is an example. It knows
>>how HTTP requests and responses are formatted and transferred
>>on the underlying TCP connection.
>>
>>Which kind of proxy are you thinking about?
>
>
> Isn't the job of a proxy to make the connection for you then
> redirect the data to the source ? I'm talking about a HTTP
> proxy.
>
> OpenVPN has a parameter which enables you to connect using
> a proxy. I guess this can be used to connect through HTTP proxy ?
> That is my question. Will this openvpn connect be any different
> compared
> connecting to a secure site using certificates ? Can you somehow look
> at the TCP packets and say "Ah, this is a Openvpn stream" ?

You're now just thinking about a HTTPS proxy with the 'connect'
feature.

If your OpenVPN sits at the HTTPS port (TCP/443) and looks
like a HTTPS server, you may succeed, but note that the initial
connection setup is in plain text and it must conform to
the HTTPS connection setup to pass a proxy.

Usually, the Web proxies honor only the ports 80 and 443.

--

Tauno Voipio
tauno voipio (at) iki fi

(E-Mail Removed) wrote:
> Hi,
>
> I'm wondering if it is possible to detect a OpenVPN session if it is
> used through a proxy ?

Just one warning with vpn over https proxy (openvpn or ssl vpn )
it's can be easily detected by flow accounting method
if your traffic isn't enough assymetric ;-)

Philippe WEILL wrote:

>
>
> (E-Mail Removed) wrote:
>> Hi,
>>
>> I'm wondering if it is possible to detect a OpenVPN session if it is
>> used through a proxy ?
>
> Just one warning with vpn over https proxy (openvpn or ssl vpn )
> it's can be easily detected by flow accounting method
> if your traffic isn't enough assymetric ;-)

Why wouldn't the VPN be as asymetric as the original data?

James Knott wrote:
> Philippe WEILL wrote:
>
>>
>> (E-Mail Removed) wrote:
>>> Hi,
>>>
>>> I'm wondering if it is possible to detect a OpenVPN session if it is
>>> used through a proxy ?
>> Just one warning with vpn over https proxy (openvpn or ssl vpn )
>> it's can be easily detected by flow accounting method
>> if your traffic isn't enough assymetric ;-)
>
> Why wouldn't the VPN be as asymetric as the original data?

when you do https you have a big input traffic and really small output traffic
about <5% out >95% in
if stats show another traffic repartition we have alarm and it's working greet
if for example you use your VPN for serving file traffic is reversed (P2P ...)
and you find this by accounting method
If you just do download with your VPN it's ok but remember that when you do this

Philippe WEILL <(E-Mail Removed)> wrote:
> when you do https you have a big input traffic and really small output
> traffic about <5% out >95% in if stats show another traffic repartition
> we have alarm [...]

What a clever idea!
Chris