-1

I did not understand some things regarding the VPN.

How is the VPN tunnel established? My computer and the end VPN server need to exchange some info to establish a tunnel? (some kind of handshake or do I miss something?)

How does a VPN packet find its way to the destination machine if the entire IP datagram is encrypted? I understand that the packet is encapsulated within another packet, but the source and destination IP must be the same, or?

E.g. I am in a restaurant, and I connect to my corporate network via VPN.

so is: MyComp -> restaurantRouter -> internet -> routerCorp-> specific server corp

If someone between 2 routers sniffs the packets, they can see that the packet goes from restaurantRouter to routerCorp? right? Or they cannot see the full path?

If someone between MyComp and restaurantRouter sniffs the packets, what can they see? Can they see the source and destination IP?

The restaurantRouter or their ISP knows that I am sending packets to routerCorp?

Do the restaurantRouter or the ISP know the content of the packets, or are they already encrypted when they reach the restaurantRouter?

Do the packets travel same path or this has nothing to do with the tunneling?

EDIT: By the last question I meant: Do the VPN packets travel the same hops (different routers) between restaurantRouter and routerCorp, or is it just normal packet switching? (The word tunneling confuses me, and I am not sure if it also means that the packets travel the same route all the time from the beginning till the end of the VPN session.)

user155293
  • How the VPN tunnel is established depends (in part at least) on what kind of VPN you are using (SSL or IPSEC), as well as which protocols are involved. I suspect your question might be a better fit for the site if you were to ask about the protections provided by a VPN generally (and what weaknesses might cause those protections to be overcome). – iwaseatenbyagrue Mar 07 '17 at 15:53

2 Answers

1

How is the VPN tunnel established? My computer and the end VPN server need to exchange some info to establish a tunnel? (some kind of handshake or do I miss something?)

VPNs do implement authentication; depending on the authentication method, different steps are involved. Common methods for authentication are Extensible Authentication Protocol, MS CHAP, PAP, SPAP, etc.

How does a VPN packet find its way to the destination machine if the entire IP datagram is encrypted?

VPN clients may update the local routing table from a given set of rules provided by the VPN concentrator.

If someone between 2 routers sniffs the packets, they can see that the packet goes from restaurantRouter to routerCorp? right? Or they cannot see the full path?

Every internet packet has a destination and a source; that is part of the packet header and is not encrypted, so yes, anyone sniffing the network could see that a packet went from point A to point B. The content of the packet would be encrypted, though.

Do the packets travel same path or this has nothing to do with the tunneling?

In general internet topology, the specific route is never guaranteed. A middle node may become unavailable and another node replaces it; this is normal and has nothing to do with tunneling.

Purefan
1

How is the VPN tunnel established? My computer and the end VPN server need to exchange some info to establish a tunnel? (some kind of handshake or do I miss something?)

You need a client application on your laptop for the VPN that your corporation uses. The client application will perform the handshake for you in order to establish a secure connection to your corporation's network.

How does a VPN packet find its way to the destination machine if the entire IP datagram is encrypted? I understand that the packet is encapsulated within another packet, but the source and destination IP must be the same, or?

Your client application will likely install some type of virtual network adapter. This adapter will translate incoming and outgoing packets based on some type of session ID and/or traffic characteristics (for example, port numbers).

If someone between 2 routers sniffs the packets, they can see that the packet goes from restaurantRouter to routerCorp? right? Or they cannot see the full path?

Yes they will be able to see the IP of routerCorp.

If someone between MyComp and restaurantRouter sniffs the packets, what can they see? Can they see the source and destination IP?

Yes they will see the source and destination IPs, but the data is encrypted.

Do the restaurantRouter or the ISP know the content of the packets, or are they already encrypted when they reach the restaurantRouter?

They are encrypted on your computer before being sent out to restaurantRouter.

Do the packets travel same path or this has nothing to do with the tunneling?

Technically there's no guarantee that the same hop path will be taken.

Tunneling simply means that you've encapsulated one protocol with another protocol. In this case, you've encapsulated your data using a secure protocol (VPN client), and you're using IP/TCP to transmit this secure data.

RoraΖ
  • @RoraZ I just edited the last question – user155293 Mar 07 '17 at 15:35
  • @RoraZ so basically the traffic is already encrypted when it leaves my computer? So there is no chance that someone who is between MyComp and restaurantRouter can see something, apart from the source and destination IP? – user155293 Mar 07 '17 at 15:38
  • @user155293 This is correct. Assuming that the VPN that is being used has implemented its security properly. – RoraΖ Mar 07 '17 at 17:13
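
The encapsulation the answers above describe, as an added example that is not part of the original question, answers or comments: the whole inner datagram is encrypted on the client and wrapped in a new outer IP packet, and an on-path observer can parse only that outer header. All addresses and the key are constructed sample values; `toy_encrypt` is a stand-in XOR keystream, not the cipher a real VPN uses, and protocol number 50 (ESP) is used only to label the outer payload.

```python
import hashlib, ipaddress, os, struct

def ipv4_packet(src, dst, proto, payload):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

def toy_encrypt(key, nonce, data):
    """Stand-in for the VPN's real cipher: XOR with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + struct.pack("!I", counter)).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encapsulate(inner, key, outer_src, outer_dst):
    """Client side: encrypt the entire inner datagram, then add an outer IP header."""
    nonce = os.urandom(8)
    body = nonce + toy_encrypt(key, nonce, inner)
    return ipv4_packet(outer_src, outer_dst, 50, body)

def decapsulate(outer, key):
    """Gateway side: strip the outer header and decrypt to recover the inner datagram."""
    body = outer[20:]
    return toy_encrypt(key, body[:8], body[8:])

def sniff(packet):
    """What an observer can parse from a packet: the cleartext IP header fields."""
    f = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    return {"src": str(ipaddress.IPv4Address(f[8])),
            "dst": str(ipaddress.IPv4Address(f[9])),
            "proto": f[6], "length": f[2]}

# Constructed sample values: VPN-assigned address -> internal corp server (inner),
# restaurant LAN address -> routerCorp public address (outer).
KEY = b"constructed-demo-key"
INNER = ipv4_packet("10.8.0.2", "10.0.5.20", 6, b"GET /payroll HTTP/1.1\r\n")
WIRE = encapsulate(INNER, KEY, "192.168.1.23", "203.0.113.10")

if __name__ == "__main__":
    print("observer sees:  ", sniff(WIRE))
    print("inner dst on wire:", ipaddress.IPv4Address("10.0.5.20").packed in WIRE)
    print("gateway recovers:", sniff(decapsulate(WIRE, KEY)))
```

The observer's view contains only the outer endpoints and the packet size; the internal server address and the request appear only after the gateway decrypts with the shared key.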