ExpressVPN

From neil.tappsville.com

expressVPN

What is the next thing to test once the LI functions are working? Do what the bad guys do.

Scenario: ISP -> External Router -> Internal Router with OpenVPN -> Test Host.

Observations

What is seen

UDP packets: a high port on the client side, UDP port 1195 on the server side.

Downstream (content) packets are generally 676 and 680 bytes. Upstream (ACKs) packets are generally 109 bytes.

DNS

tshark dump of DNS requests. The endpoint is resolved as the ExpressVPN OpenVPN tunnel is established; from this point on there are no DNS requests from the client behind the internal router.

SOURCEv4  ISP_DNS     newzealand-ca-version-2.expressnetw.com
SOURCEv4  ISP_DNS     newzealand-ca-version-2.expressnetw.com
SOURCEv6  ISP_DNSv61  newzealand-ca-version-2.expressnetw.com
SOURCEv6  ISP_DNSv6   newzealand-ca-version-2.expressnetw.com
SOURCEv6  ISP_DNSv61  Nz.pool.ntp.org
SOURCEv6  ISP_DNSv61  Nz.pool.ntp.org
SOURCEv4  ISP_DNS     cp4g55kg60mlqmrmv8z6jfm80qpadm1ltnxjura672orzjpyidmmz9ivqlmsqu8.xpressunblock.com
SOURCEv4  ISP_DNS     cp4g55kg60mlqmrmv8z6jfm80qpadm1ltnxjura672orzjpyidmmz9ivqlmsqu8.xpressunblock.com
SOURCEv6  ISP_DNSv61  cp4g55kg60mlqmrmv8z6jfm80qpadm1ltnxjura672orzjpyidmmz9ivqlmsqu8.xpressunblock.com
SOURCEv6  ISP_DNSv6   cp4g55kg60mlqmrmv8z6jfm80qpadm1ltnxjura672orzjpyidmmz9ivqlmsqu8.xpressunblock.com

HTTP / Other

Nothing seen from inside the tunnel.
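
The DNS and packet-size observations above, turned into a detection check. This is an added example, not part of the original page. The function names, the tuple layout, the 0.6 threshold and the sample input are assumptions constructed for illustration; only the domain suffixes, port 1195 and the byte sizes come from the page.

```python
# Indicators taken from the observations on this page.
VPN_SUFFIXES = ("expressnetw.com", "xpressunblock.com")
VPN_UDP_PORT = 1195
DOWN_SIZES, UP_SIZES = {676, 680}, {109}

# Constructed sample input in the page's "source resolver qname" layout.
SAMPLE_DNS = [
    "SOURCEv4  ISP_DNS    newzealand-ca-version-2.expressnetw.com",
    "SOURCEv4  ISP_DNS    newzealand-ca-version-2.expressnetw.com",
    "SOURCEv6  ISP_DNSv6  Nz.pool.ntp.org",
    "SOURCEv6  ISP_DNSv6  constructed-label.xpressunblock.com",
    "SOURCEv4  ISP_DNS    notexpressnetw.com",  # lookalike, must not match
]
# Constructed packets for one UDP flow: (direction, server_port, length).
SAMPLE_FLOW = [("down", 1195, 676), ("up", 1195, 109), ("down", 1195, 680),
               ("down", 1195, 676), ("up", 1195, 109), ("down", 1195, 1400)]

def vpn_lookups(dns_lines):
    """Return {source: [qname, ...]} for queries under a VPN suffix."""
    hits = {}
    for line in dns_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        src, _resolver, qname = parts
        name = qname.lower().rstrip(".")
        # Match on a label boundary so lookalike domains are ignored.
        if any(name == s or name.endswith("." + s) for s in VPN_SUFFIXES):
            names = hits.setdefault(src, [])
            if name not in names:
                names.append(name)
    return hits

def flow_matches(packets, min_share=0.6):
    """True when the flow uses the observed server port and most packet
    lengths match the sizes noted above (min_share is an assumption)."""
    on_port = [(d, n) for d, port, n in packets if port == VPN_UDP_PORT]
    if not on_port:
        return False
    typical = sum(1 for d, n in on_port
                  if n in (DOWN_SIZES if d == "down" else UP_SIZES))
    return typical / len(on_port) >= min_share

if __name__ == "__main__":
    print(vpn_lookups(SAMPLE_DNS))
    print(flow_matches(SAMPLE_FLOW))
```

Neither signal is conclusive alone; a source that appears in `vpn_lookups` and then shows a matching flow with no further DNS traffic lines up with all three observations.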