I would like to know if OpenVPN (SSL VPN) can be intercepted by proxy appliances like Cisco IronPort & Blue Coat, amongst others? I raise this question because companies are now intercepting HTTPS traffic using these appliances with fake certificates. This allows the decrypting of HTTPS without the end user being aware that it is happening.
I have not been able to find any reference on the net to this question. My question to the security experts is: is OpenVPN susceptible to interception, since it also relies on certificates? If OpenVPN can be intercepted, what are the technical details of how this is done?
I don't know OpenVPN personally, but any application that uses SSL should verify that the certificate presented by the peer is valid and belongs to the peer.
E.g., when the Cisco AnyConnect client receives a fake cert from a proxy, it will either (depending on version and settings):
- deny the connection and inform the user why, or
- inform the user of the certificate mismatch and offer options to cancel the connection or continue anyway.
So "decrypting of HTTPS without the enduser aware" can only happen if the application is not doing proper certificate validation, or if the user just clicks continue without realizing what he is doing (a very real threat nowadays, unfortunately).
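The certificate validation described in the answer can be reproduced offline with the `openssl` command line. This is an added example, not part of the original posts: the CA names, the host name `vpn.example.test` and the helper functions are constructed for illustration. It shows a client that trusts only the VPN's own CA file (the way an OpenVPN client trusts the file named in its `ca` directive) accepting the genuine server certificate and rejecting one issued by an interception proxy's CA for the same name.

```shell
#!/bin/sh
# Constructed demo: every name, CN and file below is made up for illustration.
set -u

# make_ca <dir> <name> <CN>: create a self-signed CA key and certificate
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue_cert <dir> <ca-name> <leaf-name> <CN>: leaf certificate signed by that CA
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$4" \
        -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.crt" 2>/dev/null
}

# check_peer <trusted-ca.crt> <peer.crt>: exit 0 only if the peer certificate
# chains to the single CA the client was configured to trust
check_peer() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# run_demo: build both PKIs in a temp dir and print one verdict per certificate
run_demo() {
    d=$(mktemp -d)
    make_ca "$d" vpn-ca "Example VPN CA"        # CA the client trusts
    make_ca "$d" proxy-ca "Example Proxy CA"    # CA held by the intercepting proxy
    issue_cert "$d" vpn-ca server "vpn.example.test"
    issue_cert "$d" proxy-ca forged "vpn.example.test"   # same name, different issuer
    for c in server forged; do
        if check_peer "$d/vpn-ca.crt" "$d/$c.crt"; then
            echo "$c: accepted"
        else
            echo "$c: rejected"
        fi
    done
    rm -rf "$d"
}

run_demo
```

The forged certificate carries the same subject name as the real one; it is rejected only because its issuer is not the CA the client was given, which is why the check fails closed as long as the client does not offer a "continue anyway" path.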