Thread: pf.conf help?
View Single Post
  #10   (View Single Post)  
Old 23rd January 2018
Prevet Prevet is offline
Shell Scout
  
Join Date: Oct 2017
Posts: 84
Default
Quote:
Originally Posted by jggimi View Post
As follow-up:

The purpose of a VPN is to permit authentication, data assurance, and (optionally) privacy between nodes residing on an untrusted network. VPN technologies vary, but in all cases the member nodes of the VPN must be able to address communication to each other. IP ADDRESS MUST BE KNOWN.

The communication internal to a VPN includes authentication and other security mechanisms to provide assurance to the member nodes that the data is authentic and unchanged. It may also include encryption to provide a measure of privacy. External inspection of the VPN traffic WILL disclose the addresses of the member nodes, whether encryption is used or not.

Any data that transits the VPN and continues on to the Internet no longer has any expectation of authentication, data assurance, or privacy except as offered by the communication protocols deployed in the application (e.g: HTTPS over TCP).

In Network Address Translation (NAT), sending and receiving IP addresses are substituted by the router as packets are forwarded in each direction. This is commonly used in local networks where multiple devices share a single IP address on the Internet:

[local devices] - [NAT router] - the Internet

If a VPN network is used with a NAT router to transship data through the Internet, such as by a "VPN Service Provider", the connections are similar:

[VPN nodes] - [NAT router] - the Internet

I understand it is encrypted when it goes from your computer to the VPN and when it leaves the VPN it becomes normal Internet traffic again.

I have read that VPN users are seen as a big political threat by governments like China and Russia, because they have free access to information, so they banned all VPN operators. I also understand there have been similar calls to ban them in the UK. So if a VPN doesn't prevent its users from identification, why don't they move in and arrest the political dissidents?


Quote:
Originally Posted by jggimi View Post
I'll disagree, because there are known cases of ALL packets transiting commercial service providers being logged by state actors.
Yes, they would vacuum them up like they do all Internet traffic, but how do they know who is who, unless the VPN user is silly enough to use their real name?


Seriously it is not meaningful for me to have this discussion with you, as I don't have your knowledge. But I do know one VPN provider who could discuss this with you meaningfully. Would you be willing to post in their forums? I would be interested to see how they respond..

They also offer Tor use with the VPN. You connect to them with Tor so not even they know who you are.
Last edited by Prevet; 23rd January 2018 at 04:58 PM.
Reply With Quote