
So this just came to mind: for the past, I'd say, 4 months I've been using my own private VPN, buying a VPS from 100up, OVH, and as of right now I'm using VirMach. I go with the cheapo option because I'm like that and it suits my needs for a VPN. I use SoftEther VPN since for some reason, whenever I try OpenVPN it just flat out doesn't work. I set the encryption to AES-256, but what I'm wondering is, can the company hosting my VPS, if they were to look into my network activity, see everything I am doing, or is it encrypted to AES-256 on their end? I have logging disabled on my client and server, and I'm also using the application "wipe" on Ubuntu 16.04 to wipe any connection logs every 1-2 days. I'm not doing anything illegal obviously, but if I'm using their VPS as a VPN, why would I choose to give all data to some random company instead of Xfinity?

 

TL;DR: using AES-256 encryption on SoftEther VPN, with logging disabled, can my VPS provider see my network activity, such as websites I visit or things I do, or is it encrypted for them too?

https://linustechtips.com/topic/1231062-custom-made-vpn-encryption-question/

When using a VPN, you are moving the point of trust from one place to another. You are using a VPN to hide your traffic from the ISP at your house/hotel/cafe, but now you have to trust the ISP of your VPS (which to a certain extent is your VPS provider). When your data leaves your VPS to go out onto the general internet, at that point it is no longer encrypted, aside from connection-level encryption like HTTPS. Anything that is saved on disk is not encrypted unless you set up the OS to use an encrypted disk. And unless you have to provide the decryption password every time the VPS starts up, anyone who gained access to the VPS’ raw data could decrypt it also.

Looking to buy GTX690, other multi-GPU cards, or single-slot graphics cards: 

 


1 hour ago, brwainer said:

When using a VPN, you are moving the point of trust from one place to another. You are using a VPN to hide your traffic from the ISP at your house/hotel/cafe, but now you have to trust the ISP of your VPS (which to a certain extent is your VPS provider). When your data leaves your VPS to go out onto the general internet, at that point it is no longer encrypted, aside from connection-level encryption like HTTPS. Anything that is saved on disk is not encrypted unless you set up the OS to use an encrypted disk. And unless you have to provide the decryption password every time the VPS starts up, anyone who gained access to the VPS’ raw data could decrypt it also.

OK, so the info that goes into my VPS and out to the internet, is my VPS provider able to see any of the unencrypted data from the outside, using KVM? In my original post I said that there are absolutely 0 logs I leave on the VPS, and anything that is kept there, such as connection logs to the VPS or anyone trying to port scan, is logged, but like I said, I use a program called wipe to completely delete that info every 1-2 days.


7 hours ago, Khoomn said:

OK, so the info that goes into my VPS and out to the internet, is my VPS provider able to see any of the unencrypted data from the outside, using KVM? In my original post I said that there are absolutely 0 logs I leave on the VPS, and anything that is kept there, such as connection logs to the VPS or anyone trying to port scan, is logged, but like I said, I use a program called wipe to completely delete that info every 1-2 days.

Your VPS provider can definitely look at or copy the network traffic going to/from your VPS, but they should only do so if they receive a court order to do so - this is the same as a wiretap on a phone line, except the judicial system doesn’t generally feel that collecting internet traffic is as private as tapping a phone line. The same applies to whatever ISP your VPS provider directly uses. Depending on the situation, your traffic might get captured if, for example, another VPS hosted on the same physical server were committing illegal activity.


On 8/6/2020 at 7:48 AM, brwainer said:

Your VPS provider can definitely look at or copy the network traffic going to/from your VPS, but they should only do so if they receive a court order to do so - this is the same as a wiretap on a phone line, except the judicial system doesn’t generally feel that collecting internet traffic is as private as tapping a phone line. The same applies to whatever ISP your VPS provider directly uses. Depending on the situation, your traffic might get captured if, for example, another VPS hosted on the same physical server were committing illegal activity.

Is there any way to have it all encrypted even for them or is that impossible?


48 minutes ago, Khoomn said:

Is there any way to have it all encrypted even for them or is that impossible?

Your traffic (IP addresses and ports for all packets, and the contents of packets which don’t use encryption, such as DNS and HTTP) has to be decrypted *somewhere* in order to actually be routed on the internet. So you have to eventually trust someone. Even using TOR doesn’t get rid of this, because someone, either your ISP or your VPS provider and their ISP, can see that you’re sending traffic to TOR. If you want to be paranoid and really encrypt everything, then you need to dig deep into the technologies and learn it from a low level. You aren’t ready to be asking questions like what you are asking if you can’t answer them yourself. You don’t have to build every piece of encryption yourself but you have to know how every element works. Criminals who are caught (e.g. Silk Road) are caught because they didn’t catch every tiny piece - such as embedding an image on a TOR webpage using a non-TOR address, or using unencrypted email just one time. I’m not asking why you care about encryption and privacy, there are plenty of valid or on-the-fence reasons, but it's not worth doing if you aren’t going to buckle down and do it right.


On 8/6/2020 at 12:48 PM, brwainer said:

Your VPS provider can definitely look at or copy the network traffic going to/from your VPS, but they should only do so if they receive a court order to do so - this is the same as a wiretap on a phone line, except the judicial system doesn’t generally feel that collecting internet traffic is as private as tapping a phone line. The same applies to whatever ISP your VPS provider directly uses. Depending on the situation, your traffic might get captured if, for example, another VPS hosted on the same physical server were committing illegal activity.

This is why using a proper no-log VPN is arguably safest. Because if hundreds of users are sharing the same public IP address, it's harder to track down who specifically is doing what.

With a VPS, you will have your own unique public IP address on your virtual server, so it's much easier to identify you.


On 8/7/2020 at 7:57 PM, Alex Atkin UK said:

This is why using a proper no-log VPN is arguably safest. Because if hundreds of users are sharing the same public IP address, it's harder to track down who specifically is doing what.

With a VPS, you will have your own unique public IP address on your virtual server, so it's much easier to identify you.

So right now I have a machine that I delete all logs of anything IP-related on, whether that be just connecting to the machine through the VPN or any kind of SSH. Does the company that owns it still have access to seeing the IP connected to the machine through their own network manager on their end? Or does me deleting any logs on the machine actually help?


19 minutes ago, Khoomn said:

So right now I have a machine that I delete all logs of anything IP-related on, whether that be just connecting to the machine through the VPN or any kind of SSH. Does the company that owns it still have access to seeing the IP connected to the machine through their own network manager on their end? Or does me deleting any logs on the machine actually help?

Any network operator, be it your VPS provider, their direct ISP, or any ISP between your VPS and the destinations you connect to, can see the IP addresses and ports of the packets that you send. It is common for networks to generate "Flows" and save them for some period of time. A Flow includes the source and destination IP and port, the start and stop time of the connection, and the amount of data transferred in each direction, but not the actual data transmitted. What your VPS provider does with this data is likely controlled by your contract with them and any related data policies they have. They have the most effect over your privacy since they can directly associate your VPS' IP address with you. For the rest of the ISPs that generally form "the internet", this data is basically treated as public information because they don't know what IP belongs to whom, but they will generally only use it for network security (detecting and trying to stop DOS attacks) or when requested by law enforcement.

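The "Flows" described in the last reply, and the earlier point that IP addresses and ports stay visible whatever the tunnel encrypts, shown as an added example that is not part of the original thread. The packet list, the addresses (documentation ranges) and the function names `build_flows` and `correlate` are constructed for illustration; only headers and sizes are read, never payload, which is why wiping logs inside the VPS does not change what the operator's network records.

```python
from collections import namedtuple

# Constructed packet headers as an operator would see them on the VPS uplink:
# (unix time, src ip, src port, dst ip, dst port, protocol, bytes).
# 203.0.113.10 stands in for the VPS, 198.51.100.7 for the home connection.
PACKETS = [
    (1596800000.0, "198.51.100.7", 51000, "203.0.113.10", 443, "tcp", 1400),  # VPN tunnel in
    (1596800000.1, "203.0.113.10", 40001, "192.0.2.53", 53, "udp", 70),       # DNS query out
    (1596800000.2, "192.0.2.53", 53, "203.0.113.10", 40001, "udp", 130),
    (1596800000.3, "203.0.113.10", 40002, "192.0.2.80", 443, "tcp", 600),     # HTTPS out
    (1596800000.9, "192.0.2.80", 443, "203.0.113.10", 40002, "tcp", 5200),
    (1596800001.0, "203.0.113.10", 443, "198.51.100.7", 51000, "tcp", 5400),  # tunnel back
    (1596800030.0, "203.0.113.10", 40002, "192.0.2.80", 443, "tcp", 300),
]

Flow = namedtuple("Flow", "src sport dst dport proto start stop bytes_out bytes_in")

def build_flows(packets, idle_timeout=60.0):
    """Group packet headers into bidirectional flow records."""
    active, done = {}, []
    for ts, src, sport, dst, dport, proto, size in sorted(packets):
        fwd = (src, sport, dst, dport, proto)
        rev = (dst, dport, src, sport, proto)
        key = fwd if fwd in active else rev if rev in active else None
        if key is not None and ts - active[key]["stop"] > idle_timeout:
            done.append(active.pop(key))   # idle too long: close the old flow
            key = None
        if key is None:                    # first packet decides the direction
            key = fwd
            active[key] = dict(zip(Flow._fields, (*fwd, ts, ts, 0, 0)))
        rec = active[key]
        rec["stop"] = ts
        rec["bytes_out" if key == fwd else "bytes_in"] += size
    done.extend(active.values())
    return sorted((Flow(**r) for r in done), key=lambda f: f.start)

def correlate(flows, vps_ip):
    """Pair each client->VPS flow with the VPS->internet flows overlapping it in time."""
    inbound = [f for f in flows if f.dst == vps_ip]
    outbound = [f for f in flows if f.src == vps_ip]
    return {
        f.src: sorted({(o.dst, o.dport) for o in outbound
                       if o.start <= f.stop and o.stop >= f.start})
        for f in inbound
    }
```
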
