The VPN process in Windows Server

Robbo777 Member Posts: 331
I have a question about VPNs and the whole process of what is being used to encrypt.
If I log into a network via VPN, then there is a certificate that is used when I log in that has certain cryptographic properties attached to it, but if I select a VPN protocol such as SSTP then there are protocols on that that are being used as well. Along with the same certificate on the routing and remote access server, the NPS server and the Health register authority server also when a health certificate is published! It seems as if the same certificate is spread out on the same network, but which part of the network is using the certificate and SSTP also? I'm confused as to what is getting used and where???
So...a "code signing" certificate used with a user who writes PowerShell scripts and they're signed with a certificate but does that mean that an admin can restrict all PowerShell commands bar ones that are signed with that certificate??

I'm under the impression that the whole VPN SSTP process works like this...
User goes to connect
Enters credentials
Certificate is validated where it connects on the RRAS server
Properties on certificate such as RSA is used along with what encryption to set up shared secret??? It says on the NPS that it uses MPPE as encryption! But if a health certificate is used then when do those encryption and key exchange algorithms come into it???
I'd love a complete rundown of what actually happens so I can understand it more???
There are just so many components and I'd like to know how they all tie in together.

Comments

  • OctalDump Member Posts: 1,722
    The rule of thumb when talking certificates is that asymmetric encryption is used for authentication and key exchange, and symmetric encryption is then used for the session.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • Robbo777 Member Posts: 331
    I know, but what's confusing is WHAT is using the symmetrical encryption, is it the certificate or SSTP with MPPE?
  • OctalDump Member Posts: 1,722
    The VPN session uses symmetrical encryption. So each session negotiates its own symmetric encryption key, and then the traffic going through the VPN tunnel is encrypted using that.
  • Robbo777 Member Posts: 331
    So the certificates are the key exchange and the actual session uses the symmetrical encryption, got it. On the symmetrical encryption though, it seems to only use something called MPPE, and there doesn't seem to be any way of using any others such as AES etc... It seems as if MPPE is used with PPTP but I'm using SSTP and on the status of the connection it says MPPE is what is actually being used, what's going on here? Haha