HTTPS through VPN

Cheetah Designs · 5 Aug 2012 at 20:02

If you are connected to a VPN and visit a HTTPS site, encryption between the website and the vpn-server or the vpn-client and the website?

(Ignoring all VPN encryption)

Also...is it likely that a VPN-server would cache/log what clients visit under a standard configuration...or would something like that have to be purposely setup?

KIA · 5 Aug 2012 at 20:29

Client & the website. Traffic travels over the VPN.

Logging would depend on the VPN server configuration.

Cheetah Designs · 6 Aug 2012 at 10:16

KIA said:
Client & the website. Traffic travels over the VPN.

Logging would depend on the VPN server configuration.

Am I right in saying that if it logs HTTPS traffic, it wouldn't actually be able to decrypt anything? Or am I wrong because the certificate would have been sent unencrypted?

edscdk · 6 Aug 2012 at 10:31

Cheetah Designs said:
If you are connected to a VPN and visit a HTTPS site, encryption between the website and the vpn-server or the vpn-client and the website?

(Ignoring all VPN encryption)

Also...is it likely that a VPN-server would cache/log what clients visit under a standard configuration...or would something like that have to be purposely setup?

assume everything is logged, its like asking "if I walk down a unspecified road in some town some where will I be seen on CCTV"...

visibleman · 6 Aug 2012 at 10:50

With SSL the encryption is between the client/browser and destination/website; the VPN connection is secondary to this.
If the provider was to log then it would only show the source, destination and encrypted SSL data.

However a MITM attack could be possible but it'd either require spoofing the destinations certificate or spoofing certificates and passing the traffic through a proxy (which would require to accept the VPN's/Proxy certificate).

Cheetah Designs · 6 Aug 2012 at 12:45

edscdk said:
assume everything is logged, its like asking "if I walk down a unspecified road in some town some where will I be seen on CCTV"...

Its my own VPN I'm using but I don't actually know anything other than how to follow an internet guide to set one up....

however, I did not completely blindly set it up...I was actually aware of what I was doing at the time and would have checked what something did before I executed the commands....however I don't have the skill to now go back and check what I did.

visibleman · 6 Aug 2012 at 15:47

If it's your own VPN and you have box/root access then disable logging (if it's OpenVPN then you can use the switches --log-destination or --log-level) if you're worried.