[SOLVED] Question about "Use default gateway on remote network" and monitoring activity

Mar 24, 2020
I am working from home right now and I forgot to disconnect from my work VPN over the weekend. I have "Use default gateway on remote network" unchecked for the connection. Would that affect my employer's ability to monitor my web traffic? Or are they able to see everything?
Solution
Too complex to say for sure. A VPN can be set up in many ways.

A fairly simple test is to run tracert to some web sites and see if the first hop is your router IP or the VPN. You should also run tracert for whatever DNS server you are using. It might send the DNS over the VPN but the traffic directly out. In many ways the DNS is actually more of an issue because it is sent unencrypted, but the web traffic is almost always sent via HTTPS, so it is hard to say what you are actually doing even if you intercept the traffic.

Note it is considered bad security practice to allow split tunnel. Normally when the VPN is up you want all traffic to go to the VPN, including blocking any traffic to local LAN devices like printers or NAS.
The theory is you do not want someone using the machine as a hop-off attack point to get into the company network. This also tends to be why many companies will not allow personal devices on the network. It is much easier to secure them if they are controlled by the central domain servers, so you are sure the patch level and virus etc. are all the same.
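A scripted version of the route check described in the answer above, added here and not part of the thread: instead of reading tracert output by hand, it asks the Windows routing table (Find-NetRoute) which interface will carry traffic to a few web hosts and, separately, to each configured DNS server, so a split tunnel that sends DNS one way and web traffic the other shows up immediately. It assumes the VPN adapter's interface alias contains the string "VPN" (adjust $VpnAliasPattern to your connection name).

```powershell
# Added example, not from the thread. Run in PowerShell on Windows while the
# VPN is connected. Assumption: the VPN adapter's alias matches $VpnAliasPattern.
param(
    [string]$VpnAliasPattern = 'VPN',
    [string[]]$WebHosts = @('www.google.com', 'www.example.com')
)

function Get-EgressInterface {
    param([Parameter(Mandatory)][string]$RemoteIP)
    # Find-NetRoute returns the local address and route the stack would choose
    # for this destination; both objects carry the outgoing InterfaceAlias.
    $chosen = Find-NetRoute -RemoteIPAddress $RemoteIP -ErrorAction Stop
    return ($chosen | Select-Object -First 1).InterfaceAlias
}

function Test-VpnPath {
    param([string]$Label, [string]$RemoteIP)
    $alias = Get-EgressInterface -RemoteIP $RemoteIP
    [pscustomobject]@{
        Target    = $Label
        IP        = $RemoteIP
        Interface = $alias
        ViaVpn    = [bool]($alias -match $VpnAliasPattern)
    }
}

# 1. Web destinations: resolve each name to an A record, then check its egress.
$rows = @(foreach ($h in $WebHosts) {
    $a = Resolve-DnsName -Name $h -Type A -ErrorAction Stop |
        Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
    Test-VpnPath -Label $h -RemoteIP $a.IPAddress
})

# 2. DNS servers: the answer's key caveat is that DNS (unencrypted) may take a
#    different path from the HTTPS web traffic, so check each resolver as well.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique
$rows += @(foreach ($d in $dnsServers) { Test-VpnPath -Label "DNS $d" -RemoteIP $d })

$rows | Format-Table -AutoSize

$viaVpn  = @($rows | Where-Object { $_.ViaVpn }).Count
$bypass  = @($rows | Where-Object { -not $_.ViaVpn }).Count
if ($viaVpn -gt 0 -and $bypass -gt 0) {
    Write-Host 'Split tunnel: some targets go through the VPN, others bypass it.'
} elseif ($viaVpn -eq 0) {
    Write-Host 'Nothing routed via the VPN interface: web and DNS traffic go out locally.'
} else {
    Write-Host 'Full tunnel: every target is routed through the VPN interface.'
}
```

A row whose Interface column names the VPN adapter is traffic the VPN endpoint can observe; a row showing your Ethernet or Wi-Fi adapter is traffic that leaves your local gateway directly, which is what the tracert first-hop comparison in the answer is looking for.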
Thanks for the reply.

I tried a tracert to google.com both connected to and disconnected from my office VPN. The first 5 hops were identical, with the first hop in both cases going to my default gateway IP. Does that mean they wouldn't have my browsing logged?
 
That pretty much means all the traffic bypasses the VPN.

Still, even if they did, the traffic means very little. For some IP addresses you can do a reverse lookup and guess the site that is being used. All you would be able to see is that it was Google, for example; you would not really know whether it was a search or one of the many other things you can do on Google's IP addresses.