VPN Gate Being Hacked?

Post your questions about VPN Gate Academic Experiment Service here. Please answer questions if you can afford.
vpngatecerts
Posts: 4
Joined: Sat May 31, 2014 6:51 pm

VPN Gate Being Hacked?

Post by vpngatecerts » Sat May 31, 2014 7:00 pm

Recently I've been getting a lot of certificate errors. Investigating further, it seems many of the automatically generated OpenVPN configuration files on the main site contain incorrect CA root certificates. The Root CA is supposed to be the GeoTrust Global CA. Some of the configuration files have the correct certificate but many do not.

This is the CORRECT certificate


This is one of the INCORRECT certificates. You can check yourself by downloading several of the OpenVPN configuration files and seeing that many are incorrect.


This is not an error on my end, I have been using OpenVPN with no problems for quite some time.

It seems as if someone is injecting malicious certificates into the configuration files.

Here are some examples of the errors you get when trying to connect to a server with these incorrect certificates

Sat May 31 13:09:23 2014 VERIFY ERROR: depth=0, error=self signed certificate: CN=4lrt9xw4yj4p.org, O=r27dy g49l, C=US
Sat May 31 13:09:23 2014 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Sat May 31 13:09:28 2014 VERIFY ERROR: depth=0, error=self signed certificate: CN=q4j5.com, O=0pdw6rlmlt qz6d7a, C=US

Sat May 31 13:09:30 2014 VERIFY ERROR: depth=0, error=self signed certificate: CN=k0emhgta0mdx4kh.com, O=lm9w8 p5be, C=US

This seems like quite a big deal.
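
One way to run the check described in the post above over a batch of downloaded configuration files, as an added example that is not part of the original post and not VPN Gate's own code. It assumes each file carries its CA in an inline `<ca>` block and that the expected CA is pinned by SHA-256 fingerprint; the sample configs, host name and certificate bytes are constructed placeholders, not real X.509 data.

```python
import base64
import hashlib
import re

# Inline <ca> ... </ca> block of an OpenVPN config holding one PEM certificate.
CA_BLOCK = re.compile(
    r"<ca>.*?-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----.*?</ca>",
    re.DOTALL,
)

def ca_fingerprint(ovpn_text):
    """Return the SHA-256 hex fingerprint of the DER bytes in <ca>, or None."""
    match = CA_BLOCK.search(ovpn_text)
    if match is None:
        return None
    der = base64.b64decode("".join(match.group(1).split()))
    return hashlib.sha256(der).hexdigest()

def audit(configs, pinned):
    """Split config names into those embedding the pinned CA and all others."""
    trusted, other = [], {}
    for name, text in sorted(configs.items()):
        fp = ca_fingerprint(text)
        if fp == pinned:
            trusted.append(name)
        else:
            other.setdefault(fp, []).append(name)  # key None: no inline <ca>
    return trusted, other

def _sample_config(der):
    # Constructed input: placeholder bytes wrapped as PEM inside a minimal config.
    pem = base64.encodebytes(der).decode()
    return ("client\ndev tun\nremote vpn.example 443\n<ca>\n"
            "-----BEGIN CERTIFICATE-----\n" + pem + "-----END CERTIFICATE-----\n</ca>\n")

PINNED_DER = b"constructed bytes standing in for the expected root CA"
PINNED = hashlib.sha256(PINNED_DER).hexdigest()
SAMPLES = {
    "server-a.ovpn": _sample_config(PINNED_DER),
    "server-b.ovpn": _sample_config(b"constructed per-server self-signed cert 1"),
    "server-c.ovpn": _sample_config(b"constructed per-server self-signed cert 2"),
    "server-d.ovpn": "client\ndev tun\nremote vpn.example 443\nca ca.crt\n",
}

if __name__ == "__main__":
    trusted, other = audit(SAMPLES, PINNED)
    print("match pinned CA:", trusted)
    for fp, names in other.items():
        print("other CA", fp, names)
```

In real use, `PINNED` would be the fingerprint of the CA you obtained out of band, and `configs` would map file names to the text of the downloaded `.ovpn` files.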

vpngatecerts
Posts: 4
Joined: Sat May 31, 2014 6:51 pm

Re: VPN Gate Being Hacked?

Post by vpngatecerts » Sun Jun 01, 2014 9:21 pm

No one knows what is going on? Still today nearly all of the servers have WRONG root CA certificates? Only maybe 1 out of every 10 servers has the correct GeoTrust Root CA.

Most users will likely not experience this problem because they download the OpenVPN configuration files individually for each server. That means the incorrect certificate in the configuration will match the incorrect certificate on the server.

I have a manual setup where it uses the GeoTrust Global CA no matter what, which is why I am unable to connect to any server that has these incorrect randomly generated certificates.

This is a big deal, we're supposed to have a trusted CA, not randomly generated self-signed certificates.

dnobori
Posts: 228
Joined: Tue Mar 05, 2013 10:04 am

Re: VPN Gate Being Hacked?

Post by dnobori » Wed Jun 04, 2014 6:06 pm

This is not "Hacked". It is normal.

VPN Gate Project changes the SSL certificates of a constant percentage of all VPN Gate relay servers to random certificates, instead of *.opengw.net wildcard certificates.

This technique is helpful to protect VPN Gate Servers from being found by government censorship firewalls which are looking for active VPN Gate Servers by matching the signature in the SSL negotiation phase.

dnobori
Posts: 228
Joined: Tue Mar 05, 2013 10:04 am

Re: VPN Gate Being Hacked?

Post by dnobori » Wed Jun 04, 2014 6:07 pm

The VPN Gate web page is now providing individual configuration files for each VPN Gate server, with individual random certificates.
