It's clear that someone listening on a network could still find out what website I visit over HTTPS (as discussed here) but what about when surfing in a VPN? What exactly can the underlying network (not the VPN host) see? Can it see what IP addresses (websites) I connect to whilst using a VPN?
3 Answers
It mostly depends on the type of VPN you use, how it is set up and how you use it.
Generally speaking, if your VPN is set up to process all your connections then the attacker will see the initial handshake and then only encrypted data (and some management traffic, from time to time).
So, someone sniffing the network between you and the VPN host will not be able to see what web site you're accessing, what DNS requests you make or anything else.
This, however, relies on a few critical elements that are not always guaranteed:
- The client you're using is secure and properly configured.
- The attacker does not have any control on any part of the infrastructure you're going to use outside the network he's snooping on (specifically, he does not control the DNS server you're using - which might or might not be provided by your VPN or any other host you're accessing through your tunnel).
- You connect to your VPN provider before doing any browsing and keep using it all the time afterward until you terminate the session (it's easy to leak information when web sites can do requests in the background and when browsers might be set up to restart your previous session on startup).
Also, be aware that it's possible to set up a VPN connection only to secure data that goes to a specific network. In that case, most of your traffic will actually be unencrypted.
Very interesting, especially the thought about "hidden" Ajax requests the site might still be doing after terminating the VPN session. Thank you – vpn-curious Aug 29 '14 at 07:47
@vpn-curious, Ajax requests are normal HTTP requests, why does it matter? – Pacerier Feb 16 '15 at 20:36
Not if you are still using your ISP DNS.
Below is a very good answer that explains how to force all the traffic to leave your PC through the VPN: https://security.stackexchange.com/a/13907/31356
If you configured the above correctly, no one will be able to find out which sites you visit, even if they were listening to your traffic, unless your PC itself is bugged.
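The split-tunnel and ISP-DNS points raised in the answers above can be checked from the client's routing table. The following is an added example, not part of the original answers: it applies longest-prefix matching to constructed `ip route show` output and reports which destinations leave outside the tunnel, where the local network can see them. The interface names, addresses and the `tun0` VPN device are assumptions.

```python
import ipaddress

# Constructed `ip route show` samples (Linux format); tun0 is the assumed VPN device.
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.50.0/24 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""
FULL_TUNNEL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
203.0.113.10 via 192.168.1.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
"""
# Constructed destinations: LAN/ISP resolver, VPN-side resolver, a website, an intranet host.
DESTINATIONS = {"isp_dns": "192.168.1.1", "vpn_dns": "10.8.0.1",
                "website": "198.51.100.7", "intranet": "192.168.50.20"}

def parse_routes(text):
    """Turn `ip route show` lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue  # blank line or a route type without an egress device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(dest, strict=False), dev))
    return routes

def egress_dev(routes, ip):
    """Longest-prefix match; route metrics are ignored in this simplified model."""
    addr = ipaddress.ip_address(ip)
    matches = [(net, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def visible_to_local_network(route_text, destinations, vpn_dev="tun0"):
    """Return the destinations whose packets do not enter the VPN device."""
    routes = parse_routes(route_text)
    return {name: ip for name, ip in destinations.items()
            if egress_dev(routes, ip) != vpn_dev}

if __name__ == "__main__":
    for label, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        print(label, visible_to_local_network(table, DESTINATIONS))
```

In the full-tunnel sample the LAN resolver is still reported, because the on-link /24 route is more specific than the two /1 routes that carry everything else into the tunnel.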
If the web server isn't configured to use OCSP stapling, then the OCSP server will also know every web server you visit - even when using a VPN.