Talking about VPN and Proxy

Pen Test VPNs

Preface

VPNs and proxies are two common “over the wall” approaches. What are the differences between the two in applicability, security, and access speed?

Proxy

1.1 Principles

  • The proxy server sits between the client and the Internet. It receives the request from the client and sends it to the target site on the client's behalf. All traffic is routed from the proxy server's IP address, which makes it possible to reach resources that cannot be obtained directly.

1.2 Proxies are divided into HTTP proxies and SOCKS proxies

An HTTP proxy is a proxy service at the HTTP protocol layer. It can only handle HTTP / HTTPS requests and mainly serves users' web browsing needs; because it only deals with HTTP requests, processing is fast.
A SOCKS proxy does not parse network traffic: it relays packets and does not care which application protocol they carry. This lets a SOCKS proxy be used in a variety of environments; it supports FTP, SMTP, and HTTP, as well as applications such as QQ and BT downloads. Shadowsocks is a typical example. SOCKS is usually divided into two types, SOCKS 4 and SOCKS 5: SOCKS 4 only supports the TCP protocol, while SOCKS 5 supports TCP / UDP and also supports a variety of authentication mechanisms and other protocols.
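The SOCKS 4 / SOCKS 5 difference described above is visible in the first bytes a client sends. The following is an added example, not code from the original article: a small parser for the SOCKS5 greeting and request (field layout per RFC 1928) and for a plain SOCKS4 request (the SOCKS4a hostname extension is not handled). The function names and the sample messages are constructed for illustration.

```python
import ipaddress
import struct

# Field values from RFC 1928 (SOCKS5) and the SOCKS4 protocol memo.
S5_METHODS = {0x00: "no-auth", 0x01: "gssapi", 0x02: "username/password"}
S5_CMDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}
S4_CMDS = {0x01: "CONNECT", 0x02: "BIND"}  # TCP only: no UDP command exists


def parse_s5_greeting(data: bytes) -> list:
    """VER | NMETHODS | METHODS...  -> auth methods the client offers."""
    if len(data) < 2 or data[0] != 5 or len(data) != 2 + data[1]:
        raise ValueError("not a well-formed SOCKS5 greeting")
    return [S5_METHODS.get(m, f"0x{m:02x}") for m in data[2:]]


def parse_s5_request(data: bytes) -> tuple:
    """VER | CMD | RSV | ATYP | DST.ADDR | DST.PORT -> (cmd, host, port)."""
    if len(data) < 4 or data[0] != 5 or data[2] != 0 or data[1] not in S5_CMDS:
        raise ValueError("not a SOCKS5 request")
    atyp, body = data[3], data[4:]
    if atyp == 0x03 and body:        # domain name, length-prefixed
        alen, body = body[0], body[1:]
    elif atyp in (0x01, 0x04):       # IPv4 / IPv6 literal
        alen = 4 if atyp == 0x01 else 16
    else:
        raise ValueError("bad address type")
    if len(body) != alen + 2:
        raise ValueError("truncated or oversized request")
    addr = body[:alen]
    host = addr.decode("ascii") if atyp == 0x03 else str(ipaddress.ip_address(addr))
    return S5_CMDS[data[1]], host, struct.unpack("!H", body[alen:])[0]


def parse_s4_request(data: bytes) -> tuple:
    """VN | CD | DSTPORT | DSTIP | USERID | NUL -> (cmd, ip, port, userid)."""
    if len(data) < 9 or data[0] != 4 or data[-1] != 0 or data[1] not in S4_CMDS:
        raise ValueError("not a SOCKS4 request")
    port, ip = struct.unpack("!H4s", data[2:8])
    userid = data[8:-1].decode("ascii")
    return S4_CMDS[data[1]], str(ipaddress.ip_address(ip)), port, userid


if __name__ == "__main__":  # constructed sample messages
    print(parse_s5_greeting(bytes.fromhex("05020002")))
    print(parse_s5_request(b"\x05\x03\x00\x01" + bytes(6)))
    print(parse_s4_request(b"\x04\x01\x00\x50\xc0\x00\x02\x0a" + b"alice\x00"))
```

SOCKS4 identifies the user only by the unauthenticated USERID field, while the SOCKS5 greeting negotiates an authentication method before any request is accepted.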

VPN

2.1 Principles

A VPN (Virtual Private Network) establishes an encrypted tunnel between the client and the host; all of the client's requests are encrypted and sent to the VPN server.

2.2 Mainstream VPNs are divided into PPTP, SSL VPN, and IPSec VPN

PPTP (Point-to-Point Tunneling Protocol) uses the PPP protocol to encapsulate the data and adds an additional header for transmitting the data over the Internet. It uses MPLS encryption authentication and works at the data link layer. Current computers, smartphones, and other devices support this protocol, so no additional software needs to be installed.
IPSec (Internet Protocol Security) VPN is VPN technology implemented with the IPSec protocol, and works at the network layer. It includes LAN to LAN (site to site), End to LAN (end to site), and so on.

Contrast

3.1 Resource characteristics

  • VPN: the client and the server are placed in one LAN domain. When configuring the VPN server, you specify the server's IP address within the LAN and declare the IP range that can be assigned to clients. Each client that connects to the VPN is assigned a specific IP address, which you can view with ipconfig / ifconfig.
  • Proxy: the server only accepts the client's request packets and forwards them on the client's behalf, without assigning the client a specific IP address.

3.2 Applicability

  • PPTP VPN, IPSec VPN, and other common VPNs have the best applicability: computers, smartphones, tablets, and other smart devices support such VPN connections by default, so VPN service can be used without any additional software. SSL VPN usually requires specific software to be installed. By default, all traffic from the computer is transmitted over the VPN.
  • Proxy mode generally requires installing a client, although it can also be set up through the browser's proxy settings. By default, only the traffic of the application configured to use the proxy (usually the browser) passes through the proxy server.

3.3 Security

  • PPTP is the most common VPN. Installation and deployment are very simple, and there is no shortage of “one-click build” tutorials online. However, PPTP VPN uses the MSCHAPv2 authentication protocol, and many security flaws in this protocol have been disclosed on the Internet. These may lead to man-in-the-middle attacks and brute-force attacks (asleap + thc-pptp-bruter). The key space is only 2^56, so with professional attack equipment the encryption key can be cracked in a short time, giving access to the VPN communication content.
  • IPSec VPN uses the AH protocol to provide data integrity and identity, and the ESP protocol for data encryption. SSL VPN uses SSL to encrypt traffic and has a higher level of security than PPTP.
  • Shadowsocks uses AES-256-CFB or RC4-MD5 encryption, so its security is relatively high.

3.4 Access speed

3.4 access speed

  • Online comparisons of SOCKS and HTTP proxy speed disagree. Some people think that a SOCKS proxy forwards traffic directly without caring about the specific protocol, and is therefore faster; others say that because it has to support and process more protocols, and encryption takes longer, it is slower. I think that in actual use the limiting factor is mostly the access speed from the client to the VPS; encryption time and the number of protocols are not the decisive factors. The bandwidth is relatively fixed, and the protocol type may make page browsing feel slower, but the total throughput is almost the same. This also explains why browsing through a Shadowsocks proxy feels faster than through a VPN: by default a VPN is a system-wide global proxy, so all requested traffic consumes bandwidth, while Shadowsocks carries only the proxied application's traffic, so with the same bandwidth browsing really does feel faster.