3

I'm planing to build a device (prototype) that act as a portable security gateway. To make this, I choosed OpenWRT running on Raspberry Pi with OpenVPN for VPN connection. My main purpose of this build is develop a unit (prototype), that single individual can use with easy configurations which protect him from DPI solutions.

As we know, there are many sophisticated network security appliances (NGFWs), that have state of the art DPI capabilities. As per the my knowledge, securing SSL traffic from this kind of devices are impossible.

My question is: Can OpenVPN alone protect user from the kind of interception (and SSL decryption) or do they need further layers of protection?

sameera
  • 227
  • 1
  • 3
  • 10

1 Answers1

2

DPI threats against OpenVPN is pretty hard, unless the attacker somehow grabs the random, freshly generated session keys which is transmitted over an SSL connection. The SSL connection, in turn, is secured using a pre-shared certificate and a secret server certificate. So an attacker would need to compromise the server itself. Usually, said attackers would not go through the trouble of compromising a very secure server unless the target is high-profile.

Deep packet inspection, as far as I know, is usually effective in non-encrypted connections. HTTPS is usually effective in foiling DPI unless you are up against powerful entities (rich kids, government, etc.)

This is the gist of my point. For further reading, refer to my sources below.

Sources:

https://openvpn.net/index.php/open-source/documentation/security-overview.html

TLS Authentication/OpenVPN/MITM Attacks on Public Wifi

How is it possible that people observing an HTTPS connection being established wouldn't know how to decrypt it?

Community
  • 1
Aloha
  • 900
  • 7
  • 14