Testing with wireshark

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
anter
Posts: 2
Joined: Wed Jun 27, 2018 8:39 am

Testing with wireshark

Post by anter » Wed Jun 27, 2018 8:52 am

Greetings everyone!

I have a school assignment where I had to setup a VPN connection and I've decided to use a SoftEther software.
I think I've managed to establish a proper connection using a PC as a server (connected to a router via a wire), and a laptop client (connected to WiFi on a same router). The software shows there is a connection established so I presume that part was done succesfully.

My question is, how do I prove I've created a VPN connection using Wireshark software. I've tried capturing with WiFi option from laptop (client), and with VPN option (also from client). WiFi option shows more UDP packets when I connect to VPN, and VPN option shows a lot of GQUIC packets which also have "(Encrypted)" in the Info section. I'm trying to get this assignment right, so I want to know if my method was correct, and can I use screenshots from VPN option to prove a succesfull VPN connection.

Feel free to ask any questions and thanks in advance :)

cedar
Site Admin
Posts: 976
Joined: Sat Mar 09, 2013 5:37 am

Re: Testing with wireshark

Post by cedar » Thu Jun 28, 2018 9:18 am

If the destination of the captured packets is the VPN server, you can determine that the communication is on the VPN.
If the destination is a Web server, the communication may be done directly without VPN.

anter
Posts: 2
Joined: Wed Jun 27, 2018 8:39 am

Re: Testing with wireshark

Post by anter » Thu Jun 28, 2018 10:44 am

So this means I have to send some data to server (PC) using any type of network communication(homegroup, LAN cable,...) and capture that part?
Out of curiosity, can I route all my traffic from client through server when accessing Web servers?

cedar
Site Admin
Posts: 976
Joined: Sat Mar 09, 2013 5:37 am

Re: Testing with wireshark

Post by cedar » Tue Jul 03, 2018 9:07 am

A general OS can not divide the communication addressed to the same IP address into multiple interfaces.
Naturally, communication to the destination IP address of the VPN connection can not be encrypted.
Because the session used for VPN connection needs to be assigned to the physical NIC, not the virtual NIC.

If you want to encrypt communication (other than VPN) to the host of the VPN server, you need to assign a different IP address to the host of the VPN server than the one used for the VPN connection.
If the VPN server is under NAT, you may use a private IP address.
Alternatively, there is a way of installing a VPN client to the host itself of the VPN server and connecting to the virtual HUB.
To communicate to the host of the VPN server, please use such alternative IP address.

Post Reply