Cisco VPN Client - Are external URLs tracked?

3

I'm using a Cisco VPN client to connect to a local server of my society. Do they track all the URLs I visit when connected to the VPN Client? If I go for example on bbc.com, is it recorded in my log (if there's any)?

Thanks.

testermaster

Posted 2015-02-14T04:27:04.763

Reputation: 313

It won't appear in a local log by default, but as for logging by the organization, that is entirely up to your secret society. When you VPN into another network, all the host network's management policies are in play, so if they force all internet traffic through a proxy and log connections, there is no way you could tell for sure, or do anything about it either way. If they are the Illuminati or the Masons, then they most certainly track you. The Cult of Cthulhu probably wouldn't care where you surf. Look into Split Tunneling, so your internet traffic stays off the VPN. – Frank Thomas – 2015-02-14T04:48:47.530

Hi Frank Thomas, first of all thanks for the reply. I'm asking this because, if I go on sites like whatsmyip while I'm connected to the VPN, I see my original IP, and not the one of the VPN, so I presume that I'm using my connection when browsing sites outside the VPN. So, do you confirm that URLs outside the VPN could also be logged? In the statistics, I see that almost all packets are bypassed, only a few of them are encrypted, decrypted or discarded. What does "bypassed" stand for in this case? – testermaster – 2015-02-14T04:56:01.927

It sounds like you have split tunneling enabled. When you connect to a VPN, your computer is kinda on two networks at once, so it uses the rules of IP routing to send a packet out the right interface (the VPN interface or the physical LAN interface). Without split tunneling, all addresses are forced through the VPN interface, and pass through the society's network. With it enabled, however, internet traffic will (usually) go out your Internet connection straight to the web server, not through the VPN. In other words, they bypass the VPN. – Frank Thomas – 2015-02-14T05:03:57.230

In "tunnel details" I read "transparent tunnelling" = Active on UDP port 4500. In "Route details" I read the IP of the server I can connect to. Does this confirm your opinion? And this should also mean that filtering is done on my local PC, and so URLs different from the one of the society's server are not logged, right? Thanks again! – testermaster – 2015-02-14T05:07:41.260

I'm talking about Windows IP routing, which is how your computer is determining what interface to use to send your packets (and in the process, whether to use the VPN to do it; Windows doesn't really know it's a VPN at this level). Routing is done by IP, not URL/DNS name. – Frank Thomas – 2015-02-14T05:22:55.287

Answers

2

Based on our discussion, you seem exclusively concerned about local logging from the Cisco VPN client, monitoring connections that are not using the VPN.

Cisco does not log IP connection information, except that which pertains to the VPN connection itself, like establishment, maintenance, and disconnection. See here for examples of the logs the VPN client uses: https://supportforums.cisco.com/blog/150666/software-vpn-client-logging-common-issues

The statistics you are seeing are simple interface connection statistics, based on the standard Windows interface statistics.

In terms of remote-side logging and bypass, the VPN client intercepts all traffic the host wants to send onto the network, and performs a route lookup on the IP to determine how to handle it. If split tunneling is disabled, the default gateway for the interface is set to send all traffic to the VPN host network, but if it is enabled, the default gateway remains as it was, sending all traffic to unknown networks out the normal LAN interface, and out your internet connection. That means that other than the Client itself, no other equipment is able to log the URL. If you disable split tunneling and send your internet traffic onto the VPN LAN, equipment on that LAN might choose to log your connections.

Frank Thomas

Posted 2015-02-14T04:27:04.763

Reputation: 29 039

Hi @Frank Thomas, thank you so much for your patience. – testermaster – 2015-02-14T05:37:40.613
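
The route lookup described in the answer above, as an added example that is not part of the original thread: a Python model of longest-prefix-match routing with metric tie-breaking, run against a split-tunnel and a full-tunnel table. All addresses, interface names and metrics are constructed assumptions, and the model covers only the routing decision by IP, not DNS resolution.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str
    metric: int

def route(cidr: str, interface: str, metric: int) -> Route:
    return Route(ipaddress.ip_network(cidr), interface, metric)

def egress_interface(table: list[Route], destination: str) -> str:
    """Pick the route the way an IP stack does: longest prefix, then lowest metric."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        raise LookupError(f"no route to {destination}")
    best = max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))
    return best.interface

# Constructed sample values (documentation/private ranges), not from the thread.
LAN, VPN = "lan", "vpn"
VPN_GATEWAY = "203.0.113.10"   # hypothetical public address of the VPN concentrator
CORP_SUBNET = "10.20.0.0/16"   # hypothetical network behind the VPN

# Split tunneling enabled: the default route is untouched, only the
# corporate subnet is sent into the tunnel.
SPLIT_TUNNEL = [
    route("0.0.0.0/0", LAN, 25),
    route(CORP_SUBNET, VPN, 1),
]

# Split tunneling disabled: a lower-metric default route via the VPN wins for
# everything except the host route that carries the tunnel packets themselves.
FULL_TUNNEL = [
    route("0.0.0.0/0", LAN, 25),
    route("0.0.0.0/0", VPN, 1),
    route(f"{VPN_GATEWAY}/32", LAN, 25),
    route(CORP_SUBNET, VPN, 1),
]

def crosses_vpn(table: list[Route], destination: str) -> bool:
    """True when the packet enters the tunnel, so the remote network could log it."""
    return egress_interface(table, destination) == VPN

if __name__ == "__main__":
    for name, table in (("split", SPLIT_TUNNEL), ("full", FULL_TUNNEL)):
        for dst in ("198.51.100.7", "10.20.3.4", VPN_GATEWAY):
            print(f"{name:5} {dst:15} -> {egress_interface(table, dst)}")
```

On a real Windows host the table to compare against is the output of `route print`, taken once with the VPN connected and once without.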