[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

[Openvpn-users] FTP session - sniffing clear text password?

  • Subject: [Openvpn-users] FTP session - sniffing clear text password?
  • From: <nobledark@xxxxxxxxxxxx>
  • Date: Fri, 17 Aug 2007 19:00:26 -0400


Hoping that I'm just mis-interpreting what I'm seeing - using 
OpenVPN in "road warrior" config for a while now secure IM and FTP. 
Just on a whim I fired up Ethereal on my client to look at the 
traffic that my FTP client generates (FTP tunnels to server on 
private IP through VPN, doesn't work otherwise). I configured 
Ethereal to look at the TAP adapter and set the capture filter to 
"tcp port 21". 

When I started the session, I was shocked to see both my user name 
and password in plain text in the capture. I confirmed that I was 
sniffing traffic on the TAP (nothing showing up on the other 
interfaces during this session) and I repeated the test numerous 
times. The VPN appears to be connecting normally and I can access 
the same resources that I always have been able to.

Am I looking at the traffic before it is encrypted or do I have a 
big problem?

Hoping for the best - thanks....

Click here to increase your salary by earning an online degree.

Openvpn-users mailing list