• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

SSL VPNs and Using OpenVPN

March 7, 2006

Views: 28,570

[ad]

Requirement: To connect to a VPN server in a different country.

Situation: A country which has proxies at every gateway.

Issues: VPN based on IPSec is fussy when it comes across networks which are NAT’ted/ proxied. The Security Parameters Indexes don’t match and clients do not get connected.

Objective: To connect VPN server in a corporate network using some flexible VPN which I can run on any port/transport protocol so as to bypass the port/protocols/applications restriction.

Using these factors I came to conclusion that I needed SSL VPN solution. The following article explains the SSL VPN nuances and advantages of using them in certain situations.

Contents:

  1. What is an SSL VPN
  2. Why OpenVPN
  3. brief How-to (site-to-site and client to site)
  4. Nutshell

1. What is an SSL VPN

For a very long time, people in information security have thought IPSec is THE VPN and SSL is for secure online banking. While SSL has traditionally been used for Web site security purposes, SSL’s applications reach wider than just web proxying and application security.

Traditional SSL VPN started off with products that were more like SSL gateways instead of true VPNs. These products cannot be really termed as VPN but more like “Secure Remote Application Access”.

They thrive on a management facade called “Clientless VPN”. A VPN that can be established with any web browser without installing a software component sure promise less pain for users and administrators alike, but it comes with certain caveats that we will talk about later.

In the past, IPSec has been used as THE technology to create a VPN Site-to-site or site-to-client tunnel. IPSec has since long enjoyed widespread implementation because of its monopoly on function, although it has received its fair share of criticism for being too complex, and tightly coupled with Operating System.

IPSec came out in November 1988 with a series of RFC’s defining the protocols necessary to create VPNs. This RFC (2401-2412) represented a backbone of IPSec technologies. While IPSec does provide for a framework to establish a secure tunnel, it comes with a lot of complexity. Since complexity and security is inversely proportional, there are so many things with IPsec that may go wrong with wrong implementation. Thoroughly understanding everything and grappling with issues like Nat-T is something not everyone would be comfortable with.

Apart from that, IPSec being coupled tightly with Operating System doesn’t induce a sense of security. Any program integrated with kernel is against secure computing architecture. A wrong implementation or a security breach could take down the whole system.

Understanding the fact that IPSec is complex, industry started moving towards SSL based Remote Access solutions which may not be as secured as we want them to be. It’s because of the fact that a lot of these solutions push web browser as the client which can be used at any machine. The issue of ANY machine connecting to central site may not be very desirable as machines in cybercafes or public terminals do not form a part of control domain. Its desirable to run your upper layer protocols over SSL because it’s widely implemented and allowed in majority of packet filters.

Yeah…..but WHY OpenVPN??

Read on in Part II

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Linux Hacking, Networking Hacking Tools, Security Software Tagged With: Information-Security, network-security, Open-Source-Software, openvpn, SSL, ssl-vpn, VPN



Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

AgentSmith HIDS - Host Based Intrusion Detection

AgentSmith HIDS – Host Based Intrusion Detection

padre - Padding Oracle Attack Tool

padre – Padding Oracle Attack Exploiter Tool

Privacy Implications of Web 3.0 and Darknets

Privacy Implications of Web 3.0 and Darknets

DataSurgeon - Extract Sensitive Information (PII) From Logs

DataSurgeon – Extract Sensitive Information (PII) From Logs

Pwnagotchi - Maximize Crackable WPA Material For Bettercap

Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap

HardCIDR - Network CIDR and Range Discovery Tool

HardCIDR – Network CIDR and Range Discovery Tool

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (225)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (430)
  • Forensics (64)
  • Hacker Culture (8)
  • Hacking News (228)
  • Hacking Tools (681)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (72)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (218)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,181,326)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,172,343)
  • Top 15 Security Utilities & Download Hacking Tools (2,095,333)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,198,671)
  • Password List Download Best Word List – Most Common Passwords (931,797)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (774,426)
  • Hack Tools/Exploits (672,580)
  • Wep0ff – Wireless WEP Key Cracker Tool (528,834)

Search

Recent Posts

  • AgentSmith HIDS – Host Based Intrusion Detection August 31, 2023
  • padre – Padding Oracle Attack Exploiter Tool May 28, 2023
  • Privacy Implications of Web 3.0 and Darknets March 31, 2023
  • DataSurgeon – Extract Sensitive Information (PII) From Logs March 21, 2023
  • Pwnagotchi – Maximize Crackable WPA Key Material For Bettercap February 12, 2023
  • HardCIDR – Network CIDR and Range Discovery Tool December 29, 2022

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2023 Darknet All Rights Reserved · Privacy Policy