michael_kent123 Posted March 2, 2015

I have a question about the use of VPN services.

If you go to www.whatismyip.com or equivalent then you see the VPN IP not the ISP IP.

Normally, I have an internal 192.168.x.x IP and my ISP IP. With a VPN, I have the internal IP and the VPN IP.

So, when using a VPN, does that mean that there is no ISP IP but only an internal IP and a VPN IP? In other words, does the VPN effectively replace the ISP IP with its IP?

Is it:

a) 192.168.x.x --> VPN IP.

or

b) 192.168.x.x --> ISP IP --> VPN IP.

Thank you!
cooper Posted March 2, 2015

B.
digip Posted March 3, 2015 (edited)

>> Normally, I have an internal 192.168.x.x IP and my ISP IP. With a VPN, I have the internal IP and the VPN IP. <<

You have BOTH. Not to try and confuse you (although I might since I've been awake over 24 hours now and will probably smack myself tomorrow after reading my own post), but you do have TWO internal and external IPs when using a VPN Service as your exit node, unless you're only connecting to another network, via their VPN to their internal network, sort of like an SSH session, which does not mask your external IP. It depends on the type of VPN in this case.

Not sure how in depth of an answer you were looking for so you can stop reading now if the above was any more insightful for you though, but in my mind it's not so much "b) 192.168.x.x --> ISP IP --> VPN IP." as it may be (to me anyway since looking at it from the network layer and applications in use):

"Internal VPN TUN/Virtual NIC IP (ie: 10.x.x.x) --> 192.168.x.x --> tunneled-encrypted-data forwarded by ISP IP --> VPN service --> VPN IP --> Internet now sees your VPN IP".

This depends on what you're looking at or how you look at what is happening, but I would say display your adapters with ipconfig in Windows or ifconfig in Linux, and you're going to see you have TWO internal IPs (aside from localhost/127.0.0.1 of course) and TWO external IPs (use the route command) depending on the software you use to connect to things with and what goes over your tunnel before it's established and if the VPN will redirect the traffic, which it won't always do depending on the protocol in use. Example, a service like SSH, if initiated before you start the VPN, will stay on your ISP's external IP to the SSH'ed session if established before the VPN session is started, while all new and existing traffic after the VPN is established such as browsers and email, will generally re-route through the tunnel on the fly for most applications and protocols.
If on the VPN first, and then you disconnect from the VPN, your SSH session will drop though, but won't in the reverse scenario. Browsers for example will automatically switch between your real external IP and VPN IP depending on when you connect and disconnect or have an interruption in VPN service, which can and does happen, exposing your home machine's external IP at times.

PC > DHCP from home router, NAT handles internal to external DHCP request and connection to ISP, gets your internet side IP (ie: some.ip.isp.net) while your NIC gets an internal IP (ie: 192.x.x.x) - then if you want to use the VPN's external IP to mask/hide your home connection's IP, you connect using the VPN software, and you get assigned another internal IP via DHCP off the VPN Tunnel Service to the virtual NIC in another private assigned IP range (ie: 10.x.x.x, 172.16.x.x via VPN Passthrough) and also a new external IP when your traffic routes through the VPN and exits it to the WWW for data it requests and is then sent back to you through the tunnel.

At all times you still have a connection with your ISP though (or you wouldn't be able to reach even the VPN, let alone the internet), only, with the VPN, your requests are forwarded and encrypted between you and the VPN Tunnel until it leaves the VPN side and when it comes back to you from the VPN to be read by whatever you're using at the application layer, ie: browser, email client, game software, etc. The VPN software takes care of wrapping/unwrapping and encapsulating all the data for you so it's privately encrypted between you and the VPN tunnel.
Some games will also not work over a VPN, or will try to establish their own private connection and not route through the VPN, although this generally works much like the SSH scenario. I know EA and the Origin client will often not let you login to their servers if on a VPN at times, which I've had issues with depending on where my VPN IP's country exits from, but I think that's more them blocking by country IP than anything else.. need to look into that actually and see, do they reroute around the VPN, in their own tunnel, or just block me at times depending on my external IP. Not 100% sure on that one.. tangent, rambling... anyway..

So looking at your question again, initially your PC [ie: 192.x.x.x] > Router > ISP/ISP External IP address > Internet > VPN Service > tunnel established > internet (Encrypted traffic) > ISP (Encrypted traffic) > router - VPN Passthrough routing > (Encrypted traffic) Your PC TUN NIC [ie: 10.x.x.x] > VPN Software decrypts and sends back the data in the native application format requested and once established all traffic for the most part should show your VPN's IP to external networks. The point at which your external IP changes only happens when it is exiting the VPN since you're sending data up the tunnel, and your internal IP of the VPN Adapter will take over routing, encapsulating the data, and using your main NIC to forward over the route back up to the VPN server to your destination(s) instead of the ISP handling the requests, which in this case, makes the ISP just a route or hop to your second gateway, which becomes the VPN Service/server's IP.

edit: Forgot to add.. After you start the VPN, open Wireshark. Sniff on your home NIC (ie: 192.x.x.x) and you'll see all traffic is encrypted by the VPN and travelling over this hardware, but can't be read, other than local ARP and broadcast traffic or connections established before the VPN such as SSH, which in itself will be encrypted but show you it is SSH traffic.
It won't reconnect over the VPN on its own since it is in itself a form of a tunnel. Now stop and then start sniffing on the VPN/TUN adapter, and you'll see all the traffic like you normally would, in plain text other than HTTPS and again SSH or other SSL/TLS type traffic. If then SSH is started after the VPN is up and then the VPN drops, so will your SSH connection. Try it out.

Edited March 4, 2015 by digip