I connect to my VPN provider using OpenVPN. The server uses a combination of username / password and TLS authentication.
If I am on a public Wi-Fi and connecting to my VPN, is my username encrypted?
In other words, could my username be sniffed out?
If I'm reading your question correctly, you're connecting to your VPN using a combination of TLS client authentication and a username / password pair.
In this case a MitM attacker can read the full contents of the client certificate (link to the relevant message in the handshake protocol), which may include your username. The attacker cannot read the username / password combination because they're sent after the TLS handshake is completed and thereby encrypted.
The mitigation is simple on the protocol level: Don't make a mutually authenticated connection to the server outright, but a unilaterally authenticated one and then let the server initiate a renegotiation with client authentication. This is different, because the connection will be encrypted using the cipher suite from the first connection and so an attacker can't eavesdrop on your client certificate.
If this mitigation isn't possible for whatever reason, you can try to make the two user names unique and distinct. For example, you could assign the user a fully random common name in the certificate, which is checked in the internal database / access control list to a) be allowed access and b) match the readable / human-chosen password. This way an attacker cannot learn the user name needed for the username / password pair. As far as I can tell, such a setup is possible with OpenVPN.
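One way to implement the check described in the answer above, as an added example that is not part of the original answer or OpenVPN's own code: a script for OpenVPN's `auth-user-pass-verify` hook in `via-env` mode, which receives `common_name`, `username` and `password` as environment variables. The ACL layout, the random CNs, salts and passwords are constructed sample values, and the PBKDF2 parameters are an assumption.

```python
#!/usr/bin/env python3
import hashlib
import hmac
import os
import sys


def _hash(password, salt):
    # PBKDF2 parameters are an assumption for this example.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed sample ACL: random certificate CN -> (login name, salt, password hash).
# A real deployment would load this from the server's access-control database.
ACL = {
    "c7f3a91e5b2d4086": ("alice", b"salt-a", _hash("correct horse", b"salt-a")),
    "09be44d1a6c37f52": ("bob", b"salt-b", _hash("battery staple", b"salt-b")),
}


def verify(common_name, username, password, acl=ACL):
    """Accept only if the CN is known AND bound to this username AND the password fits."""
    record = acl.get(common_name or "")
    if record is None or not username or not password:
        return False
    user, salt, stored = record
    # Evaluate both comparisons so a wrong username and a wrong password look alike.
    user_ok = hmac.compare_digest(user.encode(), username.encode())
    pass_ok = hmac.compare_digest(stored, _hash(password, salt))
    return user_ok and pass_ok


def main(env=os.environ):
    # The random CN seen on the wire reveals nothing about the login name;
    # the binding between the two exists only in the server-side ACL.
    ok = verify(env.get("common_name"), env.get("username"), env.get("password"))
    return 0 if ok else 1  # OpenVPN treats a non-zero exit status as a rejection


if __name__ == "__main__":
    sys.exit(main())
```
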
I hope I read your question correctly, but if you are connecting through a VPN, the moment that tunnel is created all data between the point-to-point VPN tunnel would be encrypted. This includes the packets traveling from your device over the Wi-Fi.
I would be willing to bet that if it requires a username/password to create the VPN tunnel, it is most certainly being passed encrypted before the tunnel is created, probably with HTTPS, which uses TLS/SSL.
An attacker would have to have the keys to decrypt the data, as a normal sniffer trying to view your traffic would only see what appears to them as gibberish.
Unless the attacker was able to find an exploit or obtain the keys, all information passed including your username and password would indeed be encrypted.