VPNs, Proxies and Secure Tunnels Explained (Deepdive) 

I'd really enjoy a Deepdive about TLS.

I was just wondering about this and then got a notification.

As a network engineer, tunnels are by far the most deceptive concepts. At their simplest, you're just shoving IP within IP, at their most complex, you get complaints ;).

This series is actually a gold mine

Great video! The most important part is your smiling face at 6:57 when you talk about the "beautiful way". The next time I'm struggling with incompatible IPSec-tunnels, I'll remember your face and all frustration will be gone. You oversimplified a bit: not all tunnels have their own interface. We all love good old SSH tunnelling, as we do with recent websocket tunnels.

Great video content for those, who start learning networking. Even basic understanding how routing works will surely make VPNs much easier to grasp. Especially those, which use virtual interfaces. On the other hand, policy-based ipsec tunnels, which do not have nor their own routes, nor endpoint IPs, yet can somehow connect private networks just as fine as those tun/tap devices always amazed me. While I certainly can configure & use that, I never could understand how it works on a packet level, would be a nice if you could do some explanation video, thanks!

I feel lucky that you still share the knowledge with us. literally gold channel

Great video! From a perspective of a graduated cyberdefence student and actual penetration tester, these questions "from the past" are 100% in point! Other thing that bothered me in the past is for example "How the email systems actually works?"

I would appreciate a video about OAuth & JWT, generally these authentication methods and how these tokens are created, sent and stored via HTTP and how they relate to user roles and permissions I find difficult to understand.

Amazing video! It would be awesome to do a second version, but diving deeper and complex! Again, thanks for your videos, they are very informative and easy to follow

This was great! Have actually never completely understood how vpns work, great explaination!

I really love your enthusiasm about the topics! 👍

This is such a good explanation. You are so good at explaining these topics and such a natural in front of the camera

Thank you so much for sharing the knowledge in such a simple manner

Wow, this was complex but you explained it really well. Also thnx for including the python code.

Really detailed video, I’ve been experimenting with tunnels recently & I think you explained the underlying concepts extremely well 🥳🥳.

Absolutely loved this video!

I'm really enjoying these explainer videos. I had this ah ha! moment half way and I finally get tunnels. That was way simpler than I could have imagined.

Perfect video man! Keep it coming ^^

Thanks a ton for this I was confused about this today in class!

I love the mini videos with you encapsulating packets hahah

your videos teaching things are awesome

really good explaining

Absolutely excellent video super helpful thank you!

What a great video! ❤

Using swIPE protocol I was part of a small team that implemented one of the first VPN tunnels over the internet with the tunnel running between two proxy based firewalls. I also implemented a DOS/Windows vpn client. This was around 1996. Later ipsec and TLS became available. Things have really changed now that encrypted comms is the norm : )

Really awesome and deep explanation thank you

Brilliant. Thank you so very much.

Love your videos ^^

Wow, the networking world is amazing, thank you

I'd love a deepdive on WireGuard protocol and how things like Tailscale work under the hood to get around CGNAT. Thanks for the awesome videos!

Great video, thank you!

Great video!

yay deepdives!

Amazing vid

i deff subscribed for your minecraft content. its great

If you mix these concepts with SSL that would be very interesting at least for me. Thank you for sharing knowledge

Can it be a coincidence that a server on the IP you used in your video now hosts an nginx instance with some weird XSS-like payload in its TLS-certificate common name? ('"'>')

Nice animation of the osi layers

I love your content. Please, please, please, create a video comparing and exploring the differences between the source code of Linux and FreeBSD

Great content :)

Thanks Fabien

I would absolutely KILL for a video discussing how Kerberos works. Or, if possible, every step that happens from plugging a smart card into a windows machine during Interactive Sign On to Kerb to successfully getting into you computer.

I like the LiveOverflow university

Thank You😊

Can't wait for a video on Union routing. c:

Hey you did a great job with this deep dive series I must say. I was wondering if you could do another about "storage" in detail; i.e. differences between block storage, file storage and their usages with examples ? Thanks!

learned a lot

Muy bueno !!!!

Nice video! Could you make a video on files, sockets and streams :D

Our favorite hacker is back. Let's go!

Can you make a video on relay its types and when/why we need it and how they work and are they different from routing and just everything about relays. Especially out of the context of TOR so we can understand relay and ultimately the TOR.

Thanks!

Thanks, well explained 👍 Just wonder, how do you make these animated images?

Generally, proxies offer quicker connection speeds compared to VPNs. This is because proxies selectively route specific traffic, while VPNs encrypt all internet activity, potentially slowing down speeds. Zeus Proxy offers a rotating residential proxy ideal for tasks like e-commerce multi-account registrations, data crawling, airdrops, and gaming.

Please do a IPSec version of this. It's not TUN/TAP(despite VTI) but something rather old fashion. I think many people get confused when dealing with both kinds. Also I think it's worth to talk about the routing table magic when using TUN/TAP tunnel, like why I route everything into it but it doesn't loop?

Great Video! Something about TLS?

Talk about certificates, I'm using them, issuing them but don't *really* understand it. CA Authority, TLS, SSL.

How about a deep dive on building/making software? There are a number of tools that expedite build processes, but how all the dependencies and sub-modules work together would be useful.

tbh I like the ad at the end

are you still doing the Minecraft series? i think you should go over most of the third party "schematic" file formats (as most of them are just NBT, though some are text based and/or custom binary encodings)

Greater video thank you! Could you maybe make a video about reverse proxy to?

I felt like you were on the same page as I was for a second

you could do a video about containerization, i don't exactly know the name, but you know, explain concepts used in docker or in virtualbox

One detail what I would have liked to see here is some detail on what the IPs "within" the tunnel really are. Are they just artifacts of packing a whole TCP/IP packet as data into another TCP/IP packet or do they have more meaning, e.g. in terms of routing?

thanks

Can you do a video about hardware based root of trust in embedded systems? Using secure storage for keys etc. And public key cryptography

Very nice explanation! Thank you. One question, you said "you can tell the operating system please route ALMOST all traffic..." Why almost? What data isn't routed?

Hello is it possible to make a video about certificates (deepdive)? Ty

I'd like to see a deepdive into a file structure. A file is made up of a header data and the content data. How can we inspect the header data and where is the meta data stored - in the header? Are there common flags that indicate where the content data starts and ends? etc.

Please please please can you make a video about application layer or more specifically DNS and its hierarchy and types? Or routing explanation in a nonconfusing way? Sorry if I asked maybe something unrelated to what you wanted to do

I always take issue when "transparent" is used when describing technology. I think most of the time people actually mean "opaque". Let's say you have a loadbalancer to some API and it forwards incoming traffic to multiple backend servers (e.g. round robin). You could describe this as transparent since the request goes _through_ the loadbalancer, like through a glass window and still reaches the server. But I would argue this loadbalancer is opaque to the API client. The client has no idea that different servers are targeted, only the API endpoint is relevant for it to function (ignore header shenanigans, etc.). The loadbalancer takes care if a backend server is unreachable. On the other hand, if you use multiple DNS Records ("DNS Loadbalancing" or "poor man's load balancing") and show that there are multiple servers answering requests, you need to take care to retry if one of those servers looses connection. (You should always build in retries though!) In the case of a VPN (or tunnel) the client (curl, nc, browser, etc.) is not aware that it is using a VPN (you can of course detect it, if you want, but this is not the point). The client just does its thing, it does not care if there is something extra. If you want to be more technical you could say you hand this problem down to your network stack then then chooses the right interface (which would be a tap, tun, or wg interface etc.). I think "transparent" is so widely used for opaque technology, because it sounds more positive and because the request/operation reaches its target "through" something. In practice, I find it confusing to talk about actual transparent technologies, for example that implement transparent caching or failover; here the client has to do actual work. Sorry for the rant! I actually quite enjoyed the video!

Unlike VPNs, Zeus Proxy ensures that proxies exclusively change the IP address for the specific browser in which they are installed.

Great video but the image quality was kind of low. Maybe you should consider to upload in 4K in the future.

So the tun/tap, which is not a network card, is treated like one, in a similar way that usb drives can be treated as keyboards, even if they're not?

do you think you could teach chatgpt to buffer overflow its own text prediction's return variable?

Can you do "What is a registry" next? I have heard about the windows registry or docker registry etc... But i have no clue what it actually is (not completely i know you can store something, but looking at it in a more technical way) 🤔

You should make more of these videos explaining concepts. Why did you stoped?

So from my understanding, in the example with your version of "OpenVPN", you can route your packets to the virtual network interface card, and that's really a program like a VPN client. After the program does what it needs to do (ie putting on new headers, encrypting the data), does the program then hand off this new encapsulated packet back to the real network interface card so that it can reach the VPN server? I guess I'm a little confused as to what the next steps would be after the packet goes to the vNIC

I think there is also potential for a BIOS/UEFI/bootloader/boot etc. Video but that could be rather short

I was exactly looking for tunneling and spliting stuff and i was thinking where are you, why this dude didn't post anything for about 2 weeks

I read pixies. Pixy based security would be awesome

Hi ,pls talk about how to keep our phones secure and anonymous, im talking about ads loclisation ,...Or that there is no escaping from this in return for obtaining Google services !!

I didn't understand why you'd want to use the VPN protocol which has these added steps to preserve your IP header? Wasn't the proxy setup simpler, and possibly more performant?

if the IP and TCP packets are left unchanged and just released on the private network ... how does the other side know how to send data back through the VPN Server program ?

*Secretttttt Tunnelllllll!!!*

based

If traffic from a computer goes into a VPN and then to a server on the internet, how does the server know to respond to the VPN, not the computer (since the ip source header would contain the computer’s ip address if the same exact packet that the computer sent would be released into the VPN) and if yes how does the vpn know how to send the server’s response back to the computer since the server had no idea that it was talking to a vpn

thanks for saving us from the scanning work ;)

Is there any security issue / government tracking problem if we create our won vpn? Need sugesstions thankyou❤️

Can we get a video about TCP meltdown?

👍

@4:47 the comment says decrypt but the arrow says encryption. its confusing to me.

Push!

How do programs utilize drivers? Why do anticheats use them?

What about the server response? The terminal server is gonna send the response packet destined for your actual computer and the not the vpn server. Can't your isp just look these incoming packets and use the source to figure out what websites you're actually talking to? I'd reckon at the very least the vpn server would modify the ip header of the actual packet and make itself the source so that it can receive the response from the terminal server.

You mentioned it in passing, but through VPN you can work with any protocol on top of IP. UDP works on top of IP, for example DNS. ICMP works on top of IP, for example ping.

Do they actually use TCP packets? I thought that they use UDP to avoid a TCP Meltdown?

maybe docker explanation?

a tunnel is what i'm gonna use to keep sharing my netflix account