Testing security for VPN


I’m used to testing web applications and websites using OWASP guidelines etc., but now I’m facing a new task - VPN connection security testing. Which categories should I look into, and what types of tools should I try to test a VPN connection?

I have access to starting point(1) (my pc ofc.), connection to device which has the VPN client installed (2) and next access point (3). I have to check connection from 2 <-> 3.

More or less I’m thinking in borders of configuration setting review and proxy burpsuite/wireshark, maybe a honeypot[?]

Any additional tools or points of interest that might be worth looking into when talking of secure VPN?

Thank You in advance!



Are we talking a PIA Type VPN Subscription, or a Company SSL or Site-to-Site VPN?

What do you want to know? If the Traffic through the VPN can be seen or intercepted? What would a honeypot be good for?



Company SSL for direct and 1 particular service use via domain user type connection establishment.
And yes, both interception and encryption + info leak from both sides 2, 3.

Honeypot was a thought by my manager, that’s why I put a [?] mark, because I can’t see a use for it.




I can’t either. A Honeypot implies that the one attacking your system isn’t aware of its existence, and that it looks like valuable stuff to him, so you get information about him being in your network. There’s no value in using it as a tool to determine the security of anything. It’s more like monitoring for intruders.

I’m sorry I won’t be of much help in the actual testing though. I never thought more about how you’d attack a VPN, as I assume a properly set up VPN shouldn’t be interceptable (that’s the point of it).
So yes, configuration verification goes a long way. Using the highest available Encryption should ensure the traffic is not decryptable. From my understanding, interception would only be possible if the attacker is already present in the network of either endpoint. But at that point, you have bigger Problems than your VPN.

Are you tunneling the Full traffic of 2, or just the traffic that goes to the network of 3?

As said, I wouldn’t know what to look for specifically, other than general good practices (best encryption possible, really strong passwords, using non-standard ports, etc.). I’ll follow this thread closely though, as we have around 300 odd site-to-site VPNs of varying configurations. So getting any more info on securing those beyond the “normal” stuff would be highly valuable to me.