Can an ISP still see what URLs one visits when using a VPN?

11

3

I mean, if one uses a VPN, can the ISP still see or know what exact URLs one visits or downloads from? By that I mean any URLs we type in our browser, or even URL links used in something like jDownloader to download data over HTTP.

I think the connection that the user makes to the VPN goes through the ISP only, like this:

VPN Schematic

As we know VPN tunnels are encrypted, but how well encrypted are they really?

I read this and I didn't quite understand what he meant by corporate network and split tunnel. And what if one just uses the net from home? What exactly did he mean to explain?

Yes the ISP can see your surfing traffic and DNS queries if your VPN is set up as split tunnel (where only traffic going to your corporate network goes over the encrypted VPN tunnel and everything else goes out the regular internet path).

I also came to read this thing about URLs/IP Blocking:

To block content, all an ISP has to do is check the URL (website address) against a blacklist of banned sites, to decide whether the user should be accessing it. This same technology can be used to track people watching banned content as well. A method used to track the viewing of accessing a blacklisted website would trigger an alert.

So I wanted to know: when accessing blocked/blacklisted URLs through a VPN, can it trigger an alert at the ISP end? I mean, will they be able to see/know what URLs one has visited?

Steve

Posted 2013-06-19T07:19:38.520

Reputation: 147

5 If your ISP could listen in to your VPN traffic they would have called it Virtual Public Network :) – Jack – 2013-06-19T10:25:04.997

3 The answer to your question depends on if the connection to the VPN is secure. Just disregard somebody with 11 reputation who offered no additional details, and posted a single response. As for if a VPN connection is encrypted or not encrypted, I have not seen any VPN service offered where it does not use encryption. – Ramhound – 2013-06-19T11:40:42.360

@Ramhound Citing anyone's reputation as part of your argument devalues it. You can call it what it is, not helpful, but even that argument is moot because it's a comment and not an answer. – Jack – 2013-06-19T22:53:52.650

@Jack - The quoted text was posted as an answer, without any supporting documentation. I disregard answers like that almost all the time. Are we really going to not agree that the quoted text is just wrong? – Ramhound – 2013-06-20T11:32:46.883

I agree the answer is crap, I thought you were referring to my comment :) – Jack – 2013-06-20T12:13:41.570

Answers

6

If it's correctly set up, all your traffic will get through the VPN and your ISP won't be able to see anything.

pataluc

Posted 2013-06-19T07:19:38.520

Reputation: 580

So then does that mean all data transmitted between VPN and ISP is also encrypted, that means "including" what typed URL requests we make? So then does that also mean, in a way, that URLs also get encrypted, so that the ISP isn't able to see URLs? – Steve – 2013-06-19T07:48:10.677

Yes, VPNs (AFAIK) are encrypted (with server and client keys), and all data (not only page content, but URL, DNS request, etc.) go through the VPN... – pataluc – 2013-06-19T08:00:06.977

Thanks @pataluc, that was what I was a bit concerned/bothered about; not just only data content like file or page content, but the data requests - URL and DNS thing. :) Thanks again! – Steve – 2013-06-19T08:24:49.953

1

Split tunneling allows regular traffic to go directly via your ISP to process those requests, and any VPN traffic would go through the tunnel and is encrypted. Your ISP can only see that you have a connection established to a certain address, but not the content of traffic going through it.

If you want all your traffic to be encrypted, you force all network traffic to use the tunnel. Latency would be higher in this situation.

You can test this by checking your WAN IP address to see if it differs from your ISP's, by using a DNS leak test to see what servers are serving your DNS queries, or even by doing packet traces.

Jack crawford

Posted 2013-06-19T07:19:38.520

Reputation: 11
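
The split-tunnel versus full-tunnel distinction in the answer above is decided by which interface the routing table selects for each destination. The following is an added example, not part of the original answer: it applies longest-prefix matching to two route tables to classify the tunnel mode and to list DNS resolvers that would be queried outside the tunnel. The route tables, the interface names (`tun0`, `eth0`) and all addresses are constructed samples, and the parser assumes simplified Linux `ip route` output.

```python
import ipaddress

# Constructed sample: simplified Linux `ip route` output, split tunnel
# (only the corporate range 10.0.0.0/8 goes into the tunnel device tun0).
SPLIT = """\
default via 192.168.1.1 dev eth0
10.0.0.0/8 dev tun0
192.168.1.0/24 dev eth0
"""

# Constructed sample: full tunnel. Two /1 routes override the default route,
# and a host route keeps the VPN server itself reachable through the ISP.
FULL = """\
default via 192.168.1.1 dev eth0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev eth0
192.168.1.0/24 dev eth0
"""

def parse_routes(text):
    """Return [(network, device)] from simplified `ip route` lines."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if "dev" not in tok:
            continue
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        routes.append((ipaddress.ip_network(prefix), tok[tok.index("dev") + 1]))
    return routes

def egress(routes, ip):
    """Longest-prefix match: the device a packet to `ip` leaves through."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits)[1] if hits else None

def audit(route_text, tunnel, web_ip, resolvers):
    """Classify the tunnel mode and list resolvers queried outside the tunnel."""
    routes = parse_routes(route_text)
    return {
        "mode": "full" if egress(routes, web_ip) == tunnel else "split",
        "dns_outside_tunnel": [r for r in resolvers if egress(routes, r) != tunnel],
    }

if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL)):
        print(name, audit(table, "tun0", "198.51.100.7", ["192.168.1.1", "10.8.0.1"]))
```

In the full-tunnel sample a resolver on the local LAN (192.168.1.1) is still reached through `eth0` because the /24 route is more specific than the /1 overrides, which is the kind of result a DNS leak test reports.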

0

I've used TcpView to check the connections from my machine to the web sites I connect to, while using a VPN. My machine connects "directly" to the web sites, meaning there is an all-the-way TCP connection set up, and the site name is looked up by TcpView and shown on the list of connections.

This means two things:

  1. My VPN does not act as a proxy (i.e., does not act as the TCP endpoint and forward my traffic back and forth via a second TCP connection). The VPN themselves confirm this is the case.
  2. My Internet fiber provider, Google, will clearly be able to see what I'm connected to, because they don't need to know my IP address. They can judge this based on their router. In other words, they can know what I'm surfing by looking at what end-node of the network I am, instead of my IP.

Maynard G. Krebs

Posted 2013-06-19T07:19:38.520

Reputation: 1