Answer for:

Is it possible? Double security through VPN?

Message 5 of 10

2 Votes
robo_dev

Sorry to give a whole security lecture here but....

First of all, a properly configured point-to-point IPsec VPN, when connected, has very little attack surface.

When VPN router A is connected to VPN router B, you cannot connect a rogue VPN to router A, for example... the tunnel is already established. (The pattern is full.)

Of course, setting up the tunnel COULD be a point of entry, but only when the connection is offline... but a shared secret cannot be brute forced, and also guessing and spoofing the remote IP address gets a bit complicated. Any device on the Internet will get probed, but the main security risks out there are USER VPNs, not site-to-site VPNs.

With VPN hacking tools like ike-scan, somebody can determine if aggressive mode and a pre-shared key are in use, but if the device is in 'main mode' with a certificate then it's safe enough for the Pentagon at that point.

Once the tunnel is established, you're relying on the strength of the encryption mainly, but typically unless you're on a military base in enemy territory, someone is not going to be intercepting and trying to cryptanalyze your every packet.
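
The answer above singles out aggressive mode with a pre-shared key as the setup an outsider can fingerprint, and main mode with a certificate as the safe one. The following is an added example, not part of the original post: a small audit that reads a site-to-site config and flags tunnels using that combination. It assumes strongSwan's legacy `ipsec.conf` syntax (`authby`, `aggressive`, `keyexchange`, `conn %default`); the connection names and addresses are constructed, and `also=` includes and `leftauth`/`rightauth` are not handled.

```python
import re

# Constructed sample in strongSwan ipsec.conf syntax (not from the original post).
SAMPLE_CONF = """\
conn %default
    keyexchange=ikev1
    authby=secret

conn branch-office
    right=198.51.100.7
    aggressive=yes

conn hq-main
    right=203.0.113.9
    authby=pubkey

conn legacy-psk
    right=203.0.113.20   # inherits PSK from %default
"""

def parse_conns(text):
    """Return {conn: {key: value}} with 'conn %default' merged into every conn."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        header = re.match(r"conn\s+(\S+)$", line)
        if header:
            current = conns.setdefault(header.group(1), {})
        elif current is not None and line[0] in " \t" and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().lower()
    defaults = conns.pop("%default", {})
    return {name: {**defaults, **opts} for name, opts in conns.items()}

def audit(text):
    """Map each conn to 'aggressive+psk', 'psk-only' or 'ok'."""
    report = {}
    for name, opts in parse_conns(text).items():
        # Assumed defaults when a key is absent: authby=pubkey, aggressive=no.
        psk = opts.get("authby", "pubkey") in ("secret", "psk")
        ikev1 = opts.get("keyexchange", "ike") != "ikev2"  # aggressive mode is IKEv1-only
        aggressive = ikev1 and opts.get("aggressive", "no") == "yes"
        report[name] = "aggressive+psk" if psk and aggressive else "psk-only" if psk else "ok"
    return report

if __name__ == "__main__":
    for conn, verdict in audit(SAMPLE_CONF).items():
        print(f"{conn}: {verdict}")
```

Connections reported as `aggressive+psk` are the ones to move to main mode with certificate authentication, as the answer recommends.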