OpenVPN Protocol (OpenVPN)

With OpenVPN, you can tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port. It uses all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet.

OpenVPN has two authentication modes:

For TLS authentication OpenVPN uses a custom security protocol which is described here on this WIKI page. This protocol provides the SSL/TLS connection with a reliable transport layer (as it is designed to operate over). It's second job is to multiplex the SSL/TLS session used for authentication and key exchange with the actual encrypted tunnel data stream.

SSL/TLS -> Reliability Layer -> \
           --tls-auth HMAC       \
                                  \
                                   > Multiplexer ----> UDP
                                  /                    Transport
IP        Encrypt and HMAC       /
Tunnel -> using OpenSSL EVP --> /
Packets   interface.

History

I couldn't find any historical information about this protocol.

Protocol dependencies

Example traffic

openvpn_sample_traffic.png

Wireshark

The OpenVPN dissector is fully functional and included with Wireshark as of version 1.10.0.

Preference Settings

openvpn_preferences.png

Example capture file

Display Filter

A complete list of OpenVPN display filter fields can be found in the display filter reference

Capture Filter

You cannot directly filter OpenVPN protocols while capturing. However, if you know the UDP or TCP port used (see above), you can filter on that one.

Discussion

OpenVPN (last edited 2013-06-27 15:16:33 by ChristopherMaynard)