This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can a VPN IP be visible in a local network?

0

Now I am in a network with 10 devices connected to it, and Device 6 is using a VPN. Is it possible that I can see the VPN IP address?

asked 18 Aug '17, 19:02

DanielRaj
accept rate: 0%

edited 19 Aug '17, 01:09

Jasper ♦♦

Is that a wired network or a wireless one? Do you have in mind the IP address of a remote VPN server which device 6 is using to anonymize its own traffic, or do you have in mind device 6's IP address within the VPN?

(19 Aug '17, 01:06) sindy

@Jasper Let me say, I'm considering a wired network (an institutional network). And let us say I am the Device 6 user, and I'm using a VPN service application like Psiphon or Hotspot Shield. Now, is there a way that a network admin (for example, with a proxy installed in that network) can see the VPN IP rather than its original IP address? I would also want to know about the case of a wireless network.

(20 Aug '17, 19:02) DanielRaj

One Answer:

0

A usual network administrator can quite easily find out that some machine in the network is routing some part of its traffic through a VPN tunnel. It does not depend on whether the network is wired or wireless. A mere user has limited possibilities as compared to the administrator, that's why I've asked what type of network you were using.

The address part of packets to and from the VPN server is encrypted along with the payload, so in order to find out which particular IP address the VPN client has been assigned and which remote IP addresses it is actually visiting, the administrator would have to decrypt the VPN communication. This is not easy but I hesitate to say it is totally impossible. At least for Chinese censors it seems simpler to forbid use of VPNs than to decrypt the traffic, but that may be a red herring.

The one who does know for sure is the administrator of the VPN server.

One funny point noticed by another user here - Windows 10 did, under circumstances which are not fully clear, ignore the IP routing table when routing DNS requests, and was sending them via all routers it could find in the network configuration. That way, it was possible for network administrators to see what FQDNs the VPN clients were visiting. It sounded crazy to me but I could reproduce that behaviour.

EDIT:

1) By no means is it possible that the network administrator would know the public IP address assigned to the VPN client, i.e. the address which the remote servers see as the source one.

2) It is theoretically possible that if the local network uses private addresses and the VPN by chance assigns addresses from the same private range, the VPN client machine could respond to ARP requests coming to its physical LAN interface and asking for a local IP address of another machine which matches the one assigned by the VPN to the client machine. Some stacks respond to ARP requests regardless of the interface through which they come in.

answered 21 Aug '17, 04:36

sindy
accept rate: 24%

edited 21 Aug '17, 15:50
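
What an administrator can and cannot derive from LAN-side traffic, as an added example that is not part of the original answer: it flags a host whose external traffic is concentrated on a single remote endpoint (only the outer tunnel addresses are visible) and lists any FQDNs that host still asks for in clear-text DNS. The tab-separated record layout, the subnet, the thresholds and all addresses are constructed assumptions, and the concentration check is only a heuristic.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: src, dst, proto, dst_port, bytes, dns_qname (tab-separated).
# None of these values come from the original thread.
SAMPLE = """\
192.168.1.16\t203.0.113.50\tudp\t1194\t48000\t
192.168.1.16\t203.0.113.50\tudp\t1194\t51000\t
192.168.1.16\t192.168.1.1\tudp\t53\t80\tmail.example.org
192.168.1.16\t192.168.1.1\tudp\t53\t76\twww.example.net
192.168.1.12\t198.51.100.7\ttcp\t443\t9000\t
192.168.1.12\t198.51.100.99\ttcp\t443\t7000\t
192.168.1.12\t192.168.1.1\tudp\t53\t70\tnews.example.com
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed local subnet

def parse(text):
    """Yield one typed record per tab-separated line."""
    for line in text.splitlines():
        src, dst, proto, port, size, qname = line.split("\t")
        yield src, dst, proto, int(port), int(size), qname

def analyse(text, min_bytes=50_000, share=0.9):
    """Return {host: {"endpoint": ip, "leaked": [fqdn, ...]}} for likely tunnel users."""
    per_remote = defaultdict(lambda: defaultdict(int))
    dns = defaultdict(list)
    for src, dst, proto, port, size, qname in parse(text):
        if ipaddress.ip_address(src) not in LAN:
            continue
        if proto == "udp" and port == 53 and qname:
            dns[src].append(qname)        # readable on the LAN, outside any tunnel
        elif ipaddress.ip_address(dst) not in LAN:
            per_remote[src][dst] += size  # only outer addresses are visible here
    report = {}
    for host, remotes in per_remote.items():
        total = sum(remotes.values())
        top, top_bytes = max(remotes.items(), key=lambda kv: kv[1])
        # Heuristic: nearly all external bytes go to one endpoint.
        if total >= min_bytes and top_bytes / total >= share:
            report[host] = {"endpoint": top, "leaked": sorted(dns[host])}
    return report

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The report contains the tunnel endpoint and the leaked names, but nothing about the address assigned inside the VPN or the sites reached through it, which matches the limits described in the answer.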

Alright. How do companies and IT security actually manage client VPN usage restrictions? Do they block VPN clients by ACLs, or is there a strategy to trace the VPN clients?

(22 Aug '17, 04:39) DanielRaj

Good question. As there are many different VPNs and many obfuscation techniques up to mimicking a regular https session (SSL over TCP port 443), I'm afraid the security device has to work with ACLs of both FQDNs and IP addresses and maybe with traffic pattern analysis. However, that's just the very basics, I'm not a network security specialist.

As this is a different question from your original one, the correct way would be to post it as a new one. A properly formulated question is the most important pre-requisite for a useful answer.

And if you actually seek information on how to behave as a VPN client in order to avoid being spotted, I'm afraid you can do little on your side except choosing a provider of an anonymisation VPN which uses the best obfuscation strategy.

(22 Aug '17, 07:30) sindy