2

Yesterday my ISP dropped my connection for several hours. This idea came to me during that time.

Is it possible for my ISP to do MITM attack on my VPN when he knows I start it almost instantly as he turns on my connection again?

Well, I don't know much about these things, so I better re-phrase to be crystal clear and mention some things that might be important:

  • System: Linux Mint 18.2, kernel 4.10

  • VPN: Private Internet Access

  • OpenSSL: Version 1.0.2

  • Certificate:

    /home/<username>/.pia_manager/data/ca.crt

I only imagine that the ISP could interscept the initial handshake and by that possibly decrypt the communication? Is something like that possible?

LinuxSecurityFreak
  • 1,562
  • 2
  • 18
  • 32
  • 4
    Possible duplicate of [Does using a VPN completely stop MITM (man in the middle) attacks? If not, what other defences should I consider?](https://security.stackexchange.com/questions/104486) and [My ISP uses deep packet inspection; what can they observe?](https://security.stackexchange.com/questions/155057) and [Are VPNS vulnerable to active man in the middle attacks?](https://security.stackexchange.com/questions/77241). – Steffen Ullrich Aug 26 '17 at 14:31

1 Answers1

4

Not if your VPN client is verifying the certificate of the VPN server. VPNs (particularly OpenVPN) are very similar to TLS: a server certificate is cryptographically verified as part of the connection setup. Without a valid certificate for the host (or, depending on your configuration, the exact same certificate) on their MITM server, your client will just reject the connection.

Technical means aside: unless you're doing something really shady, you're likely not that interesting to your ISP that they would want to MITM you. They have lots of other problems to deal with.

David
  • 15,814
  • 3
  • 48
  • 73
  • 1
    The exception to the last part is if your ISP is controlled by the Chinese government, and they want to use you in a JavaScript DDoS like in the GitHub case. – multithr3at3d Aug 26 '17 at 16:56