vpn tunnel

If it doesn't fit anywhere else, it will fit here.
Post Reply
ramiia
Corporal
Posts: 129
Joined: Mon Jul 16, 2007 11:23 pm
Location: Sampo 69

vpn tunnel

Post by ramiia » Mon Apr 04, 2016 10:57 am

in simplest terms does it works like a proxy or vpn tunnel is far better than proxy with regard to complete anonymity?

*22 views lol*

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: vpn tunnel

Post by Cool_Fire » Wed Apr 06, 2016 1:40 pm

The main difference is what level of the ISO stack they sit on. A VPN tunnel is a routed virtual network device handled by the OS/network stack. A proxy is an application level affair, handled by the application itself or a user-space wrapper.

In practice this means you will always have to tell your application to send its traffic to a proxy, either by configuring the proxy in the application or wrapping your application with something like socksify. When you have a virtual network device your OS decides if it's going to use the VPN tunnel based on your routing table, so if you want to route everything over your VPN tunnel you can do so without any extra app config/wrappers. The applications have no choice in the matter.

As far as security/anonymity goes: It entirely depends on the configuration of the proxy/vpn server. Pretty much any common form of authentication/encryption that can be used with a VPN tunnel can also be used with a proxy and vice-versa.

In practice it seems to be that VPN providers usually have more secure defaults. Still, a VPN provider can absolutely offer crappy or no auth and a broken or low grade encryption scheme.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

User avatar
Securex
n00b
Posts: 2
Joined: Sat Jan 02, 2016 2:01 am

Re: vpn tunnel

Post by Securex » Thu Apr 14, 2016 11:56 pm

For anonymous browsing you can just use Socks 5. It's better than proxy.
But for more anonymity and security you must also use techniques like VPN.
Better is to use the chain of VPN and socks.
IPleak.com - Check your VPN or Proxy!
Temp-Mail.org - Disposable Temporary email

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: vpn tunnel

Post by Cool_Fire » Fri Apr 15, 2016 2:21 am

Securex wrote:For anonymous browsing you can just use Socks 5. It's better than proxy.
Socks5 is better than a proxy? I don't follow. Last I checked socks5 was a proxy protocol.
Securex wrote:But for more anonymity and security you must also use techniques like VPN.
Can you explain why a vpn is better for anonymity and security?
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

User avatar
Securex
n00b
Posts: 2
Joined: Sat Jan 02, 2016 2:01 am

Re: vpn tunnel

Post by Securex » Sat Apr 30, 2016 1:47 am

Cool_Fire wrote:
Securex wrote:For anonymous browsing you can just use Socks 5. It's better than proxy.
Socks5 is better than a proxy? I don't follow. Last I checked socks5 was a proxy protocol.
Securex wrote:But for more anonymity and security you must also use techniques like VPN.
Can you explain why a vpn is better for anonymity and security?
It depending on protocol features. I can recommend you to find a good socks 4/5 service..
For VPN is the same.
I known good VPN providers with features:
- Unparalleled traffic encryption with a 4096-bit key
- Double and Triple VPN chains in a different countries.

And VPN encrypt all your trafic unlike proxy.

I think it's better for privacy
IPleak.com - Check your VPN or Proxy!
Temp-Mail.org - Disposable Temporary email

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: vpn tunnel

Post by Cool_Fire » Sat Apr 30, 2016 6:16 am

It's not quite as straight forward as you're making it out to be.
Securex wrote: And VPN encrypt all your traffic unlike proxy.
There's two ways of reading this sentence, so I'll address both;

Interpretation 1: "A VPN catches all your traffic, a proxy only some of it."
For both VPN and Socks proxies, they only transport (and encrypt) what you tell them to. You can pass mostly any type of common traffic through both, the only difference here is that a VPN usually has a 'catch everything' setting by default.

Interpretation 2: "A VPN encrypts traffic, a proxy does not."
This is really a matter of configuration. There's no technical reason a VPN has to encrypt traffic, and in fact you can turn encryption off for almost all VPN implementations. For socks proxies, as far as I know it depends entirely on the transport layer's encryption. For example if you're doing Socks5 off the back of SSH, it'll be encrypted. But again, there is nothing enforcing encryption to happen here.

To make a long story short; It's not a case of "one encrypts traffic, the other does not." It depends entirely on the configuration in both cases.


Side notes:
Securex wrote: - Unparalleled traffic encryption with a 4096-bit key
Key size is not the only parameter that matters. You can have the worlds biggest key but if it's for a broken encryption algorithm it's perfectly useless.
On the other side, not all algorithms need equally large keys. For some algorithms a 4096-bit key might be a reasonable suggestion, but for others it's way, way overkill and will probably require way too much processing power overhead to be useful as a VPN anymore.

But even that's not the end of the story. You should also look at forward secrecy. Really this means that it should not be possible for someone to decrypt captured traffic at some later point if the server's key is ever compromised. And this depends entirely on the encryption algorithms being used.

So the moral of this story is; look at the type of encryption used by the vpn/proxy provider and check if it meets the standards you need.
Securex wrote: - Double and Triple VPN chains in a different countries.
This is really a case of "use only when needed". If you're just trying to get out of a specific network or country, there's usually really no reason to chain your vpns/proxies. If you want to be really sure someone isn't able to track you down from the remote side, chaining might be a good additional layer of obstruction.
Also note that chaining isn't the same as layering. Chaining will have your traffic decrypted and re-encrypted at every link, meaning that might be a weak point where it can be more easily intercepted. Layering means you wrap the first vpn/proxy with the second, then wrap that whole thing with the third etc. There won't be any weak links where the traffic is unencrypted that way, but it is much harder on your endpoint as it has to now do encryption for all your layers instead of just for the first link in your chain.

But both these methods increase the overhead on your traffic with each extra link/layer. Latency will be higher and throughput will be lower. This is why it's usually not a good idea to do if it's not needed.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Post Reply