Announcement

Collapse
No announcement yet.

VPN and encryption

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • VPN and encryption

    When you're connected to/through a vpn like privateinternetaccess.com service, is your traffic between them and the site(s) your accessing encrypted too or just between you and the vpn server itself?

  • #2
    They are using OpenVPN and they also need you to install a VPN client on your PC. So it's encrypted from your PC to their Proxy. They also hide your IP and MAC address which helps prevent tracking. Encryption from their proxy to the website is going to be dependent on the website having an encrypted connection with a valid SSL certificate. A self signed SSL cert can also be encrypted but it is vulnerable.

    Comment


    • #3
      Right on, thank you sir. I knew the former, but wasn't fully certain about the latter. Thanks Rick.

      Comment


      • #4
        Originally posted by Sgt Beavis View Post
        They are using OpenVPN and they also need you to install a VPN client on your PC. So it's encrypted from your PC to their Proxy. They also hide your IP and MAC address which helps prevent tracking. Encryption from their proxy to the website is going to be dependent on the website having an encrypted connection with a valid SSL certificate. A self signed SSL cert can also be encrypted but it is vulnerable.
        Great info for sure. I wanted to clarify a few technical terms/items, please correct me if I'm wrong. I swear i am not trying to be pedantic.

        1. The proper technical term for a VPN would be a tunnel instead of a proxy. A proxy will forward your traffic and act is the intermediary but can also x-forward your origin headers. A tunnel/vpn is analogous to changing your route point to the internet, as well a tunnel does 0 translation where as a proxy can.



        2. Your MAC address is only accessible on the nearest physical hop, it is not passed to the end point. For instance if you're behind a home router, only the home router will see your machines mac address.

        3. A self-signed SSL is just as secure as a 'real' certificate. Man-in-the-middle attacks make both self and signed certificates vulnerable. The only difference with purchased signed certificates is they provide you a CA ( certificate authority ) that will verify that your SSL is valid or not. With self-signed, unless you add your own CA ( which I've done before for internal certs ) manually to your browsers, you will get a security message indicating its insecure. It is safe to accept this, however if that message ever pops up again saying that the SSL has change, I would be worried.

        Comment

        Working...
        X