0

I am using the MacOS client of PIA in tandem with Little Snitch to monitor network activity, but within this question, I am curious how VPN clients work generally.

For privacy and security I, like most VPN users, would like all of my traffic to be routed through my VPN. While my VPN is connected and killswitch is activated, I am seeing many applications with incoming/outgoing traffic in addition to pia_openvpn_client (examining in little snitch network monitor).

My understanding of how VPN clients/tunneling works: The VPN takes every IP packet you would've sent and wrap it up into an IP packet addressed to the VPN server so that it appears to come from a distant machine. Sort of like mailing a pre-addressed envelope to your friend to send on your behalf.

If this is the case, shouldn't all of the traffic on my computer be from the VPN client? I know I can navigate Chrome to a website which tells me that Chrome's traffic is coming from a known VPN IP address, but how can I verify that ALL of my computer's traffic is being tunneled?

Thank you all in advance :)

pixelpax
  • 131
  • 3
  • only certain types of VPN client can do this. You must use a client that uses a virtual network adapter (vNIC) and modifies the IP routing table to send all traffic through that tunnel. This will capture all IP traffic, but Ethernet traffic that doesn't use IP will not pass through the tunnel, unless the traffic is destined for a MAC address that is known to be on the remote network. Most Layer2 VPNs do not pass broadcast traffic, so L2 broadcasts will be dropped on either end of the tunnel. – Frank Thomas Jun 07 '17 at 01:46
  • Which VPN technologies are you using with PIA? I see they support L2TP/IPSec which occur at a low level, and should cover most traffic, but also OpenVPN, and PPTP and SOCKSv5 which all occur above the IP level. so which one are you using? Your assumptions as you have expressed them are only true of Layer2 VPNs. – Frank Thomas Jun 07 '17 at 02:45

0 Answers0