VPN logging

[sti1471]

I need to know some more information about how VPN security works. Here is a specific situation.

Lets say that I use a VPN such as privateinternetaccess, or boxpn for a VPN service. I am connected to a hotel WiFi. If the administrator of the WiFi router logs into the router and looks at the logs, can they see the websites or IP addresses that I accessed while I was using their WiFi on my VPN service?

At home, when I log into my router and check the logs, it shows a large log of IP addresses, so i know the router logs internet access information. However when using a VPN service can it log my internet traffic, or what would actually show up in the logs?

Thanks.

 

[office politics]

vpn creates a "tunnel" to a different server and allows internet communcations to pass thru it. The traffic is also encrypted. So the router will see traffic passing thru it, but it will see the traffic going to the vpn server that you are connected to. Smart admins would block vpn services. **cough** which reminds me i should do this, lol.

anywho, the traffic is encrypted so anyone copying or scanning your traffic should not be able to see what you are transferring. they should only see generic vpn traffic. However, i have heard of some enterprise firewalls being able to dig into these tunnels. I think sonicwalls do it. I;ve never seen it tho.

 

[Yevrag35]

Yes, what officepolitics said.

Most likely all their router(s) would be able to do is to write in the log that VPN traffic is passing through, but they wouldn't be able scan the packets that traverse it.

 

[sti1471]

OK so if connect to my vpn, then I go to hotmail, youtube and facebook, the route log will not show the ip adress, url, or any information that I ever visited those sites, even though all traffic still passes through it?

It will only show a bunch of unreadable code?

 

[Lexluethar]

The source and destination IP addresses show up as those are in the IP packet headers - not encrypted. The stuff that you won't be able to see in the logs are the encrypted data which comes after the packet header.

 

[sti1471]

Hmm, I guess this information is a bit disappointing. I thought by using a VPN, it blocked all my traffic on router logs.

Where I live the internet provider is kind of expensive. My neighbor and I talked about setting up a bridge between his house and mine and split the bill. The download speeds we get are great, but the cost is high. However since he has the internet package already, I would have the bridge setup in my house. However I don't want him to be able to go into his router logs and see all the traffic that my family uses from our house. Not that we are doing anything wrong, but I would like to hide it what sites we go to. So I thought by using privateinternetaccess.com vpn, it would not show each websites that we go to on his router logs. I know that it hides the actual data, but it still shows the address of the website I went to in the logs. So if my brother-in law comes to town, and gets on adult sites, if my neighbor looks at the logs, he will think I or my wife was searching porn sites. Since he is fairly a religious man, I would rather not offend him or anything. But it sounds like even when connected to a VPN, if someone goes to an adult website, his router logs will be able to see that someone from my house accessed that adult website? He is basically able to see every site we go to, when, and how often, and that just feels weird. Even though the actual data is encrypted, he still know what web sites we we types into our browser to access on the internet?

 

[Lexluethar]

Try using a web proxy in your internet browser of choice - that way traffic is actually going to the proxy first, then going to the actual website. This should make it to where all traffic actually looks as if its going to the proxy (which it is).

 

[Yevrag35]

Hmm, I guess this information is a bit disappointing. I thought by using a VPN, it blocked all my traffic on router logs.

If it did that, then you wouldn't be able to get anywhere. The router you're going through HAS to know where to send the packet, otherwise it'll just drop. Lex's suggestion will at least hide the real destination from the router by taking an extra hop.