12

I am checking that my VPN is really encrypting the connection, using Wireshark.

When I capture from the WiFi interface, the data is encrypted by the OpenVPN protocol, but when I capture on Local Area Connection (TAP-Windows Adapter V9), I see unencrypted data.

My question: Is my VPN leaving data unencrypted, or is it normal that a VPN has unencrypted data in its own adapter and it is a part of the encryption?

Fros Vonex
  • You might wish to test this using two computers. This would more closely resemble an actual man-in-the-middle attack that you are trying to simulate. Set up Wireshark and a WiFi hotspot on the second computer. Try communicating through the hotspot with the first computer. Start without the VPN to make sure you can see the relayed plaintext traffic. Then turn on the VPN and confirm that the plaintext traffic is no longer visible. – cyberixae Jan 08 '21 at 12:30

1 Answer

34

This is expected, as you are capturing the traffic before it enters the VPN tunnel, i.e. before it is encrypted.

Esa Jokinen
  • 2
    It's like your Wireshark session is the bouncer to the VPN club, checking IDs at the door. – Asteroids With Wings Jan 04 '21 at 02:19
  • 1
    @AsteroidsWithWings - I'm stealing that analogy! – warren Jan 04 '21 at 19:14
  • 9
    In other words, the TAP interface is the door through which traffic enters the VPN. Tracing traffic at the door gives you the original. What you trace at the Wifi interface is encrypted traffic leaving the computer. – berndbausch Jan 02 '21 at 05:17
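
The check described in this thread can also be run over a saved capture from the physical (WiFi) interface: every IPv4 packet should belong to the tunnel, and anything else left the machine outside the VPN. The following is an added example, not part of the original answer or comments; it assumes OpenVPN over UDP on its default port 1194, a capture saved in classic pcap format (not pcapng), and a constructed server address 203.0.113.10. The function names are hypothetical.

```python
import socket
import struct

def make_frame(src, dst, proto, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4 frame for the sample (checksums left zero)."""
    l4 = struct.pack("!HH", sport, dport)
    l4 += struct.pack("!HH", 8 + len(payload), 0) if proto == 17 else b"\0" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0,
                     64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\0" * 12 + b"\x08\x00" + ip + l4 + payload

def build_pcap(frames):
    """Classic little-endian pcap, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def find_leaks(pcap, vpn_ip, vpn_port=1194):
    """Return (src, dst, proto, dport) for IPv4 packets outside the tunnel."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a classic little-endian pcap file")
    leaks, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # non-IPv4 (ARP, IPv6) is not inspected in this example
        l4 = 14 + (frame[14] & 0x0F) * 4
        proto = frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport = dport = None
        if proto in (6, 17) and len(frame) >= l4 + 4:
            sport, dport = struct.unpack_from("!HH", frame, l4)
        # Tunnel traffic: UDP between this host and the VPN server endpoint.
        in_tunnel = proto == 17 and ((dst, dport) == (vpn_ip, vpn_port)
                                     or (src, sport) == (vpn_ip, vpn_port))
        if not in_tunnel:
            leaks.append((src, dst, proto, dport))
    return leaks

# Constructed sample: two tunnel packets, one DNS query and one TCP segment outside it.
SAMPLE = build_pcap([
    make_frame("192.168.1.20", "203.0.113.10", 17, 51000, 1194, b"\x48" + b"\xaa" * 32),
    make_frame("203.0.113.10", "192.168.1.20", 17, 1194, 51000, b"\x48" + b"\xbb" * 32),
    make_frame("192.168.1.20", "192.168.1.1", 17, 53000, 53, b"constructed-dns"),
    make_frame("192.168.1.20", "198.51.100.7", 6, 53001, 80),
])
print(find_leaks(SAMPLE, "203.0.113.10"))
```

Run against a capture from the TAP adapter instead, every packet would be reported, which matches the answer above: that interface carries the traffic before it is encrypted.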