Do routers keep track of what websites you visit if you're using VPN?

I know you can backtrack what websites a device has been going through in a router; however, what about when using a vpn?

Will you just see traffic going through the vpn or will the source/destination ip address show from the websites you’ve visited?

The way I see it is:

node->router->vpn->website

Therefore you would think that between node and router if a malicious person wanted to perform a MITM by connecting to the router admin setting, the hacker would be able to extract information even if you're using a vpn.

You need to make sure the vpn config is using the VPN server as DNS or it could be DNS requests still are visible!

Technically if it’s a host vpn being used, the vpn encrypts the data before leaving the host and going on to the router. At that point the router can see the originating internal ip of the host and the IP of VPN server but nothing else.

Nope. It’s node - vpn - router - ISP - vpn - website.

Anything between the two vpn is encrypted and your router and ISP can only see vpn connection.

Your router won't see the websites you visit. All your router will see is that you are connecting to a VPN server. For example, let's say the website I want to visit has an IP of 10.1.1.1.1 and my VPN I connect to has the address 10.2.2.2.2. The router will connect to the VPN (10.2.2.2.2) and then the VPN server will connect to the website (10.1.1.1). Your router will never “see” the 10.1.1.1 connection because the VPN server is connecting to it, not your router. After you receive a reply from the website it will seem as if it came from the VPN as that is handling all your requests. In short your router will only see you connecting to the VPN server. All requests/replies will go through that VPN tunnel and that's all your router will see.

The router logs you as connecting to the VPN website. One of the reasons DNS leaks are a concern is because this is probably the main place where your destination could leak.

Therefore you would think that between node and router if a malicious person wanted to perform a MITM by connecting to the router admin setting, the hacker would be able to extract information even if you're using a vpn.

My home router would see my local IP address connecting to an IP address which is owned by a VPN provider. If someone got control of my router and looked at my logs, that’s all they would see.

Never thought about this myself. I had always thought that a VPN (client/software) on the host ensures the traffic is encrypted before it leaves the endpoint as the software would work on the application layer so traffic is encrypted before finally hitting the wire which would then prevent someone on the network intercepting it, even if they were positioned between the host and router. I could be wrong though lol

Thank you guys for answering!

Late comment…

  • Without VPN: Node ↔ Router ↔ ISP ↔ Website
  • With VPN: Node ↔ VPN Client ↔ Router ↔ ISP ↔ VPN Server ↔ Website

VPN Client sits on the node (desktop or mobile) and encrypts web traffic before it leaves the node.

Yes and this is important. Using a VPN without paying attention to DNS leaking requests is awful. Check this: https://www.dnsleaktest.com/

Is this assuming you have a home vpn? Cause I don’t see how traffic goes into the vpn first without leaving your LAN

The five octet examples hurt my soul

Yeah, didn’t think about it either till I was in the shower this morning lol

Maybe a reverse proxy might fix this situation?

No leaks here, thanks for the link!

Provided you have a VPN that is configured properly, let me try to break down how a VPN works with a super basic analogy and a shitty drawing:

So imagine that when you use the internet without a VPN, all the traffic flows through the black wider tube in the drawing, from your PC to your Router to your ISP and out to the world, with your router and your ISP able to see what websites you visit and also any unencrypted traffic being visible.

When you use a VPN, you create the inside red tube which then all traffic from your PC will flow through. Traffic in the red tube is encrypted, which means your router and your ISP presumably will not be able to see this traffic at all.

Hope this helps.

No. The VPN still goes through your LAN. But if you are using a VPN client on your computer then your router and your ISP will only see vpn traffic. It still goes through your router and ISP. But it’s encrypted. And it will just see traffic to your VPN provider.

There are multiple ways of setting up VPN. If you set it up on your laptop (or whatever device) then all points between laptop and VPN provider won’t be able to tell what the traffic is. This means your router, ISP, and any other hops.

Diagram: node - VPN - router - ISP - VPN - website

The downside of course is that now every device needs the VPN set up locally. Alternatively you can set the VPN up on the router. Then the diagram is:

Node - router - VPN - ISP - VPN - website

In this case it is probably possible to make the router keep track of which node goes to which website.

The first diagram is useful if you take your laptop to a coffee shop and don’t trust the network. The second is useful if you want to secure traffic between two offices or datacenters. Since those have a lot of devices and a more secure LAN.

Maybe it’s octal. That’s not much better, but it’s how I’m gonna sleep tonight

The thing is that on most home setups the DNS is set to the ISP. It doesn’t matter if it’s encrypted because if your ISP is doing the DNS resolution then they know what sites you are visiting anyway. If your routes point DNS requests via your ISP router then these will take a different route than your VPN traffic. VPN software sometimes has an option to use the VPN provider’s DNS which will route it via the VPN.

A reverse proxy won’t help because it’s not necessarily dealing with the DNS.

The answer is to set your VPN to use the VPN provider’s DNS if you want that traffic encrypted. Or manually set your DNS to 1.1.1.1 and use Cloudflare’s DNS.

It’s not so easy to change the DNS on your Phone but there are apps that can do it.
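An added example, not part of the thread: a small audit of what a router's flow log shows for one LAN host, separating traffic to the VPN server from DNS that travels outside the tunnel, as discussed in the replies above. The log format, the function names and every address (private and documentation ranges) are constructed for this illustration.

```python
import ipaddress

# Constructed flow records in a made-up "key=value" format, as a router
# sitting between the node and the ISP might log them.
SAMPLE_FLOWS = """\
src=192.168.1.50 dst=198.51.100.20 proto=udp dport=1194
src=192.168.1.50 dst=203.0.113.53 proto=udp dport=53
src=192.168.1.50 dst=198.51.100.20 proto=udp dport=1194
src=192.168.1.51 dst=203.0.113.80 proto=tcp dport=443
src=192.168.1.50 dst=203.0.113.53 proto=tcp dport=853
"""

# Port 53 exposes the queried names; port 853 (DNS-over-TLS) hides the
# names but still shows which resolver the host talks to.
DNS_PORTS = {53: "DNS", 853: "DNS-over-TLS"}


def parse_flow(line):
    """Turn one 'k=v k=v ...' line into a dict with typed fields."""
    fields = dict(part.split("=", 1) for part in line.split())
    return {
        "src": ipaddress.ip_address(fields["src"]),
        "dst": ipaddress.ip_address(fields["dst"]),
        "proto": fields["proto"].lower(),
        "dport": int(fields["dport"]),
    }


def audit_host(log_text, host, vpn_server):
    """Summarise what the router can see for one LAN host."""
    host = ipaddress.ip_address(host)
    vpn_server = ipaddress.ip_address(vpn_server)
    report = {"tunnel": 0, "dns_leaks": [], "outside_tunnel": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow["src"] != host:
            continue
        if flow["dst"] == vpn_server:
            report["tunnel"] += 1  # opaque: only the VPN endpoint is visible
        elif flow["dport"] in DNS_PORTS:
            report["dns_leaks"].append((str(flow["dst"]), DNS_PORTS[flow["dport"]]))
        else:
            report["outside_tunnel"].append((str(flow["dst"]), flow["dport"]))
    return report


if __name__ == "__main__":
    print(audit_host(SAMPLE_FLOWS, "192.168.1.50", "198.51.100.20"))
```

A host whose VPN client handles DNS correctly produces only `tunnel` entries; anything in `dns_leaks` or `outside_tunnel` is a destination the router and ISP can log.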