OpenVPN

OpenVPN Protocol (OpenVPN)

With OpenVPN, you can tunnel any IP subnetwork or virtual ethernet adapter over a single UDP or TCP port. It uses all of the encryption, authentication, and certification features of the OpenSSL library to protect your private network traffic as it transits the internet.

OpenVPN has two authentication modes:

For TLS authentication OpenVPN uses a custom security protocol which is described here on this WIKI page. This protocol provides the SSL/TLS connection with a reliable transport layer (as it is designed to operate over). It's second job is to multiplex the SSL/TLS session used for authentication and key exchange with the actual encrypted tunnel data stream.

SSL/TLS -> Reliability Layer -> \
           --tls-auth HMAC       \
                                  \
                                   > Multiplexer ----> UDP
                                  /                    Transport
IP        Encrypt and HMAC       /
Tunnel -> using OpenSSL EVP --> /
Packets   interface.

History

I couldn't find any historical information about this protocol.

Protocol dependencies

Example traffic

openvpn<span data-escaped-char>_</span>sample<span data-escaped-char>_</span>traffic.png

Wireshark

The OpenVPN dissector is fully functional and included with Wireshark as of version 1.10.0.

Preference Settings

openvpn<span data-escaped-char>_</span>preferences.png

Example capture file

Display Filter

A complete list of OpenVPN display filter fields can be found in the display filter reference

Show only the OpenVPN based traffic:

 openvpn 

Capture Filter

You cannot directly filter OpenVPN protocols while capturing. However, if you know the UDP or TCP port used (see above), you can filter on that one.

Capture only the openvpn traffic over the default port (1194):

 udp port 1194 

or

 tcp port 1194 

External links

Discussion


Imported from https://wiki.wireshark.org/OpenVPN on 2020-08-11 23:17:42 UTC