MITM attack (man in the middle) between VPN Azure and my VPN server #1765
Comments
Yes, as long as the verify code works correctly, this avoids MITM attacks. Your client connects to the (unverified) server. Now it asks for "proof" that the server is the REAL server. At the end, you have an encrypted channel to the server, and the validated certificate proves that it's the real server and not a fake one. And because the channel is encrypted, VPN Azure can't manipulate them. But of course, it can stop relaying.
You seem to be mixing up a few things.
I read issue #1094.
Actually, I do care about opening the source code of VPN Azure, I care about how it works to avoid MITM attacks.
When I use SoftEther VPN Client on Windows to connect to VPN Azure, and Azure then relays to my real VPN server, I checked the option "always verify server certificates", and then I got a certificate warning that says Let's Encrypt R3 is unknown,
so I visited https://letsencrypt.org/zh-cn/certificates/
and found the certificate:
Let’s Encrypt R3 (RSA 2048, O = Let's Encrypt, CN = R3)
I downloaded the file
https://letsencrypt.org/certs/lets-encrypt-r3.pem
and added it to "manage trusted CA certificate list".
Then I connected to VPN Azure without a warning.
I am happy to think that I avoided the MITM attack.
But how does it work between the Azure relay and my real VPN server?
May I know if the communication is verifying certificates to avoid MITM attacks?