Difference between revisions of "ExpressVPN"
From neil.tappsville.com
Jump to navigationJump to search (Created page with "=expressVPN= What is the next thing to test once the LI functions are working.. do what the bad guys do. Scenario: ISP -> External Router --> Internal Router with OpenVPN --...") |
m |
||
Line 9: | Line 9: | ||
===What is seen === | ===What is seen === | ||
+ | |||
+ | UDP packets on the client side - high port, server side udp port 1195 | ||
+ | |||
+ | Downstream (Content) of generally 676 and 680 bytes | ||
+ | Upstream (ACKs) of generally 109 bytes | ||
=== DNS === | === DNS === |
Latest revision as of 02:15, 24 February 2020
expressVPN
What is the next thing to test once the LI functions are working.. do what the bad guys do.
Scenario: ISP -> External Router --> Internal Router with OpenVPN --> Test Host.
Observations
What is seen
UDP packets on the client side - high port, server side udp port 1195
Downstream (Content) of generally 676 and 680 bytes Upstream (ACKs) of generally 109 bytes
DNS
tshark dump of dns requests - endpoint is resolved as the expressVPN openVPN tunnel is established, no dns requests from the client behind the internal router from this point on.
SOURCEv4 ISP_DNS newzealand-ca-version-2.expressnetw.com SOURCEv4 ISP_DNS newzealand-ca-version-2.expressnetw.com SOURCEv6 ISP_DNSv61 newzealand-ca-version-2.expressnetw.com SOURCEv6 ISP_DNSv6 newzealand-ca-version-2.expressnetw.com SOURCEv6 ISP_DNSv61 Nz.pool.ntp.org SOURCEv6 ISP_DNSv61 Nz.pool.ntp.org SOURCEv4 ISP_DNS cp4g55kg60mlqmrmv8z6jfm80qpadm1ltnxjura672orzjpyidmmz9ivqlmsqu8.xpressunblock.com SOURCEv4 ISP_DNS cp4g55kg60mlqmrmv8z6jfm80qpadm1ltnxjura672orzjpyidmmz9ivqlmsqu8.xpressunblock.com SOURCEv6 ISP_DNSv61 cp4g55kg60mlqmrmv8z6jfm80qpadm1ltnxjura672orzjpyidmmz9ivqlmsqu8.xpressunblock.com SOURCEv6 ISP_DNSv6 cp4g55kg60mlqmrmv8z6jfm80qpadm1ltnxjura672orzjpyidmmz9ivqlmsqu8.xpressunblock.com
HTTP / Other
Nothing seen from inside the tunnel.