Penetration Testing mailing list archives

Re: OpenVPN traffic

From: David Howe <DaveHowe.Pentest () googlemail com>
Date: Thu, 17 Dec 2009 13:00:23 +0000

Jack Carrozzo wrote:

Some people use static keys (quite a few in my experience). In that
case, if you can get the keyfile you're all set.


Sure. and in this test case I have access to the server pem files too,
but its getting "inside the envelope" to see the otherwise unencrypted
traffic inside the tunnel I am having problems with. There appear to be
no analysis tools out there at all to look at the traffic - and I mean
at all, not even a wireshark "this is an openvpn key packet" basic
dissector.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

Pentest Cisco Paulo Ribeiro (Dec 08)
- Re: Pentest Cisco Daniel Hood (Dec 08)
  - OpenVPN traffic David Howe (Dec 15)
    - Re: OpenVPN traffic lorddoskias (Dec 15)
    - Re: OpenVPN traffic Chris Clymer (Dec 15)
    - Re: OpenVPN traffic David Howe (Dec 15)
    - Message not available
    - Re: OpenVPN traffic David Howe (Dec 21)
- Re: Pentest Cisco Edin Dizdarevic (Dec 15)
- Re: Pentest Cisco Sat Jagat Singh (Dec 15)