Igor, 2012-03-11 17:20:26

How to check the number of nodes in a VPN solution?

There is a service that sells VPN access. Some of its configs provide (according to the authors) a double or even triple VPN, i.e. traffic passes not through 1 computer but through 2 or 3.
The traceroute with a double VPN looks like this:

traceroute www.google.com
traceroute to www.google.com (74.125.232.114), 30 hops max, 60 byte packets
1 10.109.0.1 84.353 ms 84.717 ms 85.308 ms
2 10.44.0.2 (10.44.0.2) 105.693 ms 105.782 ms 167.623 ms
3

while the OpenVPN client config looks like this:
client
dev tun
proto tcp-client
remote-random
remote 106.4.72.192 5624
remote 25.75.73.197 5622
remote 82.17.86.249 5624
tls-auth keys/ta.key 1
ca keys/ca.crt
cert keys/client.crt
key keys/client.key
ns-cert-type server
resolv-retry infinite
nobind
persist-key
persist-tun
reneg-sec 0
redirect-gateway def1
keysize 256
comp-lzo
verb 1
log-append log/Double_VPN.log
status log/Double_VPN-status.log
script-security 2
auth-nocache
auth-user-pass
#auth-user-pass auth
up scripts/se1_up
down scripts/down

I.e., 3 servers are specified in the config, but in the trace I see 2 (the third one is Google itself),
but here is the picture for a triple VPN:
traceroute to www.google.com (74.125.157.99), 30 hops max, 60 byte packets
1 10.61.0.1 (10.61.0.1) 86.444 ms 86.464 ms 86.461 ms
2 * * *
3 10.25.0.2 (10.25.0.2) 255.967 ms 256.218 ms 256.383 ms
4 gy-in-f99.1e100.net (74.125.157.99) 309.563 ms

and for it the config looks like:
client
dev tun
proto tcp-client
remote-random
remote 85.3.46.111 5600
##remote 86.71.34.111 5602
#
tls-auth keys/ta.key 1
ca keys/ca.crt
cert keys/client.crt
key keys/client.key
ns-cert-type server
resolv-retry infinite
nobind
persist-key
persist-tun
reneg-sec 0
redirect-gateway def1
keysize 256
comp-lzo
verb 1
log-append log/Triple-VPN.log
status log/Triple-VPN-status.log
script-security 2
auth-nocache
#auth-user-pass
auth-user-pass auth
up scripts/pa1_up
down scripts/down

I.e., here 2 servers are specified in the config.
Can anyone comment on which of these is actually the double VPN and which is the triple one?

2 answer(s)
kolobob, 2012-03-11
@kolobob

The second config contains one server, as far as I can see. In the first one, the remote-random option plays a role; it is needed to balance the load across the servers. It makes you connect each time to a "random" server from those specified in remote. I still do not understand what is meant by "triple" and "double" VPNs. If it is a VPN inside a VPN, that is one thing. In that case, as far as I remember, you should not see anything in the trace other than the start and end points of the "innermost" VPN network. If you see the "outer layers", that's bad. If it means balancing, then the triple is the first one, because there are three servers waiting for a connection, and the double is the second one, if you uncomment the line ##remote 86.71.34.111 5602
If we mean three hosts through which traffic passes in sequence, then the double is the first one, because in this case we can theoretically see the hops, and in the first trace we clearly see that there are two of them. By elimination, the second config is the triple VPN.
But this is all guesswork. Surely something could be said by looking at their servers from the inside.

ValdikSS, 2012-03-11
@ValdikSS

Double and triple VPN is done not by means of the config but by tunneling from one VPN server to another; this is configured by the administrator, and you cannot change it.
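
Added example, not part of either answer and not the VPN service's own code: a Python sketch of what can be checked from the client side, using lines quoted in the question as sample input. It counts uncommented remote entries (with remote-random these are alternative entry servers, as the first answer says, not chained hops) and lists traceroute hops up to the first public address; reading private-range hops as the provider's internal chain is an assumption, and the function names are made up for this example.

```python
import ipaddress
import re

def active_remotes(config_text):
    """Return ([(host, port)], remote_random) for uncommented directives."""
    remotes, remote_random = [], False
    for raw in config_text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0][0] in "#;":   # OpenVPN comment markers
            continue
        if parts[0] == "remote" and len(parts) >= 3:
            remotes.append((parts[1], parts[2]))
        elif parts[0] == "remote-random":
            remote_random = True
    return remotes, remote_random

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def hops_before_public(trace_text):
    """Return [(hop_no, ip_or_None)] up to the first public address.
    ip is None for a hop that did not answer ('* * *')."""
    hops = []
    for raw in trace_text.splitlines():
        m = HOP_RE.match(raw)
        if not m:
            continue                      # header line or truncated hop
        found = IP_RE.search(m.group(2))
        ip = found.group(0) if found else None
        if ip and not ipaddress.ip_address(ip).is_private:
            break                         # first address outside private ranges
        hops.append((int(m.group(1)), ip))
    return hops

# Sample input: lines from the question's "triple" config and trace (trimmed).
TRIPLE_CONF = """client
remote-random
remote 85.3.46.111 5600
##remote 86.71.34.111 5602
#
"""
TRIPLE_TRACE = """traceroute to www.google.com (74.125.157.99), 30 hops max, 60 byte packets
1 10.61.0.1 (10.61.0.1) 86.444 ms 86.464 ms 86.461 ms
2 * * *
3 10.25.0.2 (10.25.0.2) 255.967 ms 256.218 ms 256.383 ms
4 gy-in-f99.1e100.net (74.125.157.99) 309.563 ms
"""

if __name__ == "__main__":
    print(active_remotes(TRIPLE_CONF))
    print(hops_before_public(TRIPLE_TRACE))
```

A hop that did not answer is kept with None, so the number of answering private hops is only a lower bound on what sits between the client and the exit.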
