VPN questions

Hi,

my university provides me with a vpn server that I would like to use in
order
to encrypt my data while using an open WiFi.

In this context, I have couple of questions:
1) What is the general idea behind a vpn? Can this be basically seen as
the
following configuration ?:

|ME| <--WLAN/unsafe--> |VPN SERVER| <--encrypted--> |Internet|

That is, I connect via an unsafe connection (like open WLAN) with a vpn
server. The data transfered here is not encrypted. The vpn server encrypts
all data such that everything that I send/receive to/from the Internet is
encrypted, hence there is no danger of sniffing data (since not useful for
attacker). This way, I basically protect all my transmitted data even
though an open, unsafe WLAN is used?

2) When I connect to the vpn server, an encrypted ssh connection is used.
However, to log in to the server I have to use the open WLAN. Is this
potentially not dangerous since someone can sniff my unencrypted vpn login
data?

3) I am using vpnc (under Linux). After connecting to the open WLAN (via
knetworkmanager), I use the vpnc-connect script that
reads my configuration file. After typing my username and password, vpnc
tells me "VPNC started in background (pid: 4162)...". When I use an
Internet browser/e-mail client ... after this, will automatically all
data be transmitted via the vpn server? Or is something else required to
redirect data to the vpn server?

4) When I understand it correctly, the vpn server will still receive all
my data in an unencrypted way. Does this mean that the provider of the
vpn server has access to my raw data? If so, is there a way to avoid this?

Thank you for your help.

Best,
Tim

> You <-> WLAN/unsafe <-> VPN Server <-> unencrypted <-> Internet
>
> So the traffic between you and the VPN servre (which passes over the
> WLAN) is encrypted.

Thank you for your answer. Just to make sure that I understand the
concept of VPN: Everything that I transmit via an unsafe WLAN connection
can be theoretically sniffed by others, right? When I now connect to
a VPN server, all the communication between me and the VPN server goes
through the unsafe WLAN. So, all data that I send has to be already
encrypted otherwise the raw data could be sniffed before reaching the
VPN server. Thus, my understanding is that everything send to the VPN
server is already encrypted, the VPN decrypts it and sends it to the
Internet to allow the Web browsers on the Internet to interpret my
data (since they don't understand the encrypted data). But this does
not conform to your "diagram". So, where do I mistake?

Tim

On 2010-05-28, Tim Frink <(E-Mail Removed)> wrote:
> Hi,
>
> my university provides me with a vpn server that I would like to use in
> order
> to encrypt my data while using an open WiFi.
>
> In this context, I have couple of questions:
> 1) What is the general idea behind a vpn? Can this be basically seen as
> the
> following configuration ?:
>
>|ME| <--WLAN/unsafe--> |VPN SERVER| <--encrypted--> |Internet|

No
Me->VPN software on my own computer->encrypted->Wireless card -> remote
server->whatever.
Just as with ssh, it is encrpted on the link out of your computer.
That is why you have to install vpn software onto your machine.

>
> That is, I connect via an unsafe connection (like open WLAN) with a vpn
> server. The data transfered here is not encrypted. The vpn server encrypts
> all data such that everything that I send/receive to/from the Internet is
> encrypted, hence there is no danger of sniffing data (since not useful for
> attacker). This way, I basically protect all my transmitted data even
> though an open, unsafe WLAN is used?
>
> 2) When I connect to the vpn server, an encrypted ssh connection is used.
> However, to log in to the server I have to use the open WLAN. Is this
> potentially not dangerous since someone can sniff my unencrypted vpn login
> data?
>
> 3) I am using vpnc (under Linux). After connecting to the open WLAN (via
> knetworkmanager), I use the vpnc-connect script that
> reads my configuration file. After typing my username and password, vpnc
> tells me "VPNC started in background (pid: 4162)...". When I use an
> Internet browser/e-mail client ... after this, will automatically all
> data be transmitted via the vpn server? Or is something else required to
> redirect data to the vpn server?
>
> 4) When I understand it correctly, the vpn server will still receive all
> my data in an unencrypted way. Does this mean that the provider of the
> vpn server has access to my raw data? If so, is there a way to avoid this?
>
> Thank you for your help.
>
> Best,
> Tim

> I'm not sure why you think that doesn't conform. Maybe we're just using
> terms differently.

OK, now I got it. Maybe I was little bit confused since at first glance
it seemed to me that the connection between the VNC client and the server
was not encrypted. But now it's clear.

Maybe this is now a stupid question, but in this scenario the VPN server
decrypts the messages and sends them to the Internet. So theoretically
here a sniffer may start his attach. Or do we have to assume that our
IPS is secure and attacks are not likely?

Tim

On 2010-05-29, Tim Frink <(E-Mail Removed)> wrote:
>
>> I'm not sure why you think that doesn't conform. Maybe we're just using
>> terms differently.
>
> OK, now I got it. Maybe I was little bit confused since at first glance
> it seemed to me that the connection between the VNC client and the server
> was not encrypted. But now it's clear.
>
> Maybe this is now a stupid question, but in this scenario the VPN server
> decrypts the messages and sends them to the Internet. So theoretically
> here a sniffer may start his attach. Or do we have to assume that our
> IPS is secure and attacks are not likely?
l
Yes. Your own computer is also a weakness.
>
> Tim

Tim Frink <(E-Mail Removed)> wrote:
> OK, now I got it. Maybe I was little bit confused since at first glance
> it seemed to me that the connection between the VNC client and the server
> was not encrypted. But now it's clear.

Hang on. You're saying VNC here. That's something totally different,
and in generally VNC traffic is not encrypted.

Did you perhaps really mean VPN or vpnc (which is an implementation of
CISCO IPSec VPN)?

Chris