What does the Wireless ISP (WISP) "see" when I'm using VPN from home?

I start a new job next Monday, and my new company requires me to use their VPN server but my wireless ISP contract was for personal use only.

I realize that the WISP can see all my unencrypted traffic, but, what does any future VPN /encrypted/ traffic look like to my WISP?

Specifically, can the WISP tell I'm using VPN? Or does everything just look like https encrypted traffic to the WISP?

Yaroslav Sadowski

Yes.

It might be, if you connect to the appropriate port (443, I think) on hosts (IP addresses) which are conceivably HTTPS servers. Figuring that last bit out includes some amount of discretionary decision-making on the part of the WISP (i.e. is this usage pattern consistent with someone who uses a lot of video streaming from a single HTTPS server during work hours or is there something fishy going on?).

Aleksandar Kuktin

You need your ISP's definition of personal.

Net traffic being sent to and from you personally strikes me as being personal, in that it is to and from you personally. If someone is paying you to participate, is that any business of your ISP?

If they care to look, it's a persistent encrypted stream to a single endpoint. What it resembles most is traffic to a VPN node.

If they probe the VPN node or reason from its IP address they could be pretty sure. Dunno what lawyers would make of that.

They can't read the content, but they can examine the frequency and size of the transfers.

Jasen Betts

Connecting to one's employer's VPN via a residential "personal use only" internet service is commonplace. Don't worry about it. Your ISP just doesn't want you running a Web store or a paid subscription newsletter service or somesuch.

John Hasler

Aleksandar Kuktin wrote, on Fri, 05 Sep 2014 00:32:45 +0000:

What does my VPN traffic look like that "tells" them I'm using VPN?

Yaroslav Sadowski

Jasen Betts wrote, on Fri, 05 Sep 2014 12:18:19 +0000:

I've never "seen" encrypted traffic, but I assume it's just a bunch of numbers to an IP address (presumably of the VPN server).

Does the WISP see that IP address of that VPN provider?

Yaroslav Sadowski

Yes

Caver1

Caver1 wrote, on Fri, 05 Sep 2014 12:35:01 -0400:

I was afraid of that.

So, just so that I understand, what you're telling me is that the WISP can "see" that I'm going to go to a certain IP address, on various ports, which he can reverse DNS to figure out that this IP address corresponds to a VPN provider.

The various ports would include everything, such as nntp, smtp, http, ssh, telnet, https, pop, imap, etc.

Can the ISP also tell what PORT that traffic is on, or does all traffic to a VPN go over a single encrypted port?

Yaroslav Sadowski

I don't think they see the port. When you first connect it is unencrypted. More than likely it is encrypted once you log in. They can see your IP and the IP that you are connecting to. The WISP probably doesn't look at your traffic unless there is a problem, in which case they look at the load of traffic, not necessarily the IPs, unless they narrow it down to a certain user. Or if the Gov't comes after it.

Caver1

Well, there is a lot of it, it is encrypted, and the remote end is on a host:port pair that is "unusual".

When browsing through SSL, there is normally only little data coming from your machine and a lot of data coming from the remote machine. Your VPN connection will probably be more symmetrical.

Encryption of traffic gets all sorts of fascists worked up. It is also a normal part of VPN operation.

Host:port pair is not necessarily specific to VPNs, but it will probably be unusual enough that any sane admin in your WISP will suspect a VPN. Provided he cares enough about it.

There may also be other things: maybe the VPN setup is a dead giveaway, maybe link teardown.

Aleksandar Kuktin
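
The traffic-shape cues mentioned in the posts above (one persistent stream to a single endpoint, a large share of the volume, a more symmetrical up/down ratio than browsing) can be computed from flow metadata alone. This is an added example, not part of the thread: the flow records are constructed, and the thresholds in `tunnel_like` are illustrative assumptions.

```python
from collections import defaultdict

# Constructed flow records for one subscriber over a work day:
# (dst_ip, dst_port, proto, bytes_up, bytes_down, duration_s)
FLOWS = [
    ("203.0.113.10", 1194, "udp", 410_000_000, 620_000_000, 28_800),
    ("198.51.100.7", 443, "tcp", 1_200_000, 48_000_000, 95),
    ("198.51.100.7", 443, "tcp", 900_000, 31_000_000, 60),
    ("198.51.100.23", 443, "tcp", 300_000, 9_500_000, 40),
    ("192.0.2.53", 53, "udp", 40_000, 90_000, 2),
]

def summarize(flows):
    """Aggregate per (ip, port, proto): all of this is visible without decryption."""
    total = sum(up + down for _, _, _, up, down, _ in flows)
    agg = defaultdict(lambda: [0, 0, 0])
    for ip, port, proto, up, down, dur in flows:
        entry = agg[(ip, port, proto)]
        entry[0] += up
        entry[1] += down
        entry[2] = max(entry[2], dur)
    return {
        key: {
            "share": (up + down) / total,            # fraction of all bytes
            "up_down_ratio": up / down if down else float("inf"),
            "longest_s": dur,                        # longest single flow
        }
        for key, (up, down, dur) in agg.items()
    }

def tunnel_like(summary, min_share=0.8, min_ratio=0.3, min_seconds=3600):
    # Thresholds are assumptions for this example, not values from the thread.
    return sorted(
        key for key, v in summary.items()
        if v["share"] >= min_share
        and v["up_down_ratio"] >= min_ratio
        and v["longest_s"] >= min_seconds
    )

if __name__ == "__main__":
    for key, stats in summarize(FLOWS).items():
        print(key, stats)
    print("tunnel-like endpoints:", tunnel_like(summarize(FLOWS)))
```
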

Aleksandar Kuktin wrote, on Fri, 05 Sep 2014 18:37:03 +0000:

I am unfamiliar with VPN, so, may I just ask if the VPN connection uses a particular port (such as 23, or 443, or whatever), or, if they use any port that they want?

Yaroslav Sadowski

There are standard ports [eg 4500 for IPsec NAT traversal], but really, any port they want.

alexd

The traffic encapsulated inside the encryption? No.

Every VPN implementation I've seen carries the payload over one port. Actually that's not 100% true - IPsec when there's no NAT involved doesn't use TCP or UDP so there's no "port", but for the use case of someone running a VPN client on their PC connecting through their router to the internet, it's going to be on one TCP/UDP port or another.

alexd

And if your ISP notices and starts to hassle you (which I also doubt that they are going to do), switch ISPs or persuade your company to buy you the commercial use service.

William Unruh

Once the connection is made, it looks like random garbage. It is in the making of the connection that there may be enough info for them to decide it is a VPN connection attempt. (For example, for ssh, you connect to port 22, although you can change that to, for example, port 80, in which case it will look like encrypted http data. For openvpn it is port 1194.)
William Unruh

Of course. They have to deliver the packets to the right place.

William Unruh

No. He can figure out that that address is your company's address. He has no idea what they provide.

Depends. There are "standard" ports for those, but you and they can agree on any port you want.

It goes over a single port. Remember each packet has to be delivered by your ISP and others along the route, to the right computer, and that computer has to figure out what to do with that packet (port). It has to differentiate between a packet which is supposed to go to the VPN and which goes to ntpd say.

William Unruh

alexd wrote, on Fri, 05 Sep 2014 21:24:20 +0100:

Just to be clear, does that mean that, say, if I'm on port 119 on the computer while connected to the VPN server, that the WISP has no idea that I'm on port 119 because they only "see" the VPN server port?

Likewise, if I then switched to port 1000 or to port 2000 (or whatever), is the switchover likewise invisible to the WISP because all they see is the VPN port (whatever that may be)?

I think that answered the question above. Is this summary correct?

  1. The WISP can "see" the IP address of the VPN server.
  2. The WISP can "see" the port of the VPN server.
  3. All "traffic" is garbage to the WISP.
Yaroslav Sadowski
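
The three-point summary above can be shown with a simplified model of an established tunnel, where each application packet is encrypted and carried inside one outer packet addressed to the VPN server. This is an added example, not part of the thread: the addresses, the key and the UDP port 1194 carrier are constructed, `toy_cipher` is a stand-in for the real tunnel cipher, and the VPN protocol's own handshake and framing are not modelled.

```python
import hashlib, socket, struct

VPN_SERVER, VPN_PORT = "203.0.113.10", 1194   # constructed values
KEY = b"constructed-demo-key"                  # known to client and VPN server only

def ipv4_header(src, dst, proto, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 for the demo.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def toy_cipher(data, key):
    # Stand-in for the tunnel cipher (SHA-256 counter keystream XOR); not real crypto.
    stream = b"".join(hashlib.sha256(key + struct.pack("!I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def inner_packet(dst_ip, dst_port, body):
    # The application's own packet: IPv4 + TCP header with the real destination port.
    tcp = struct.pack("!HHIIHHHH", 40000, dst_port, 0, 0, 0x5018, 65535, 0, 0) + body
    return ipv4_header("10.8.0.2", dst_ip, socket.IPPROTO_TCP, len(tcp)) + tcp

def tunnel(inner, key=KEY):
    # What leaves the home router: outer IPv4 + UDP to the VPN server, encrypted payload.
    payload = toy_cipher(inner, key)
    udp = struct.pack("!HHHH", 51000, VPN_PORT, 8 + len(payload), 0) + payload
    return ipv4_header("192.0.2.50", VPN_SERVER, socket.IPPROTO_UDP, len(udp)) + udp

def observer_view(wire):
    # Everything an on-path ISP can parse without the key: outer headers and sizes.
    ihl = (wire[0] & 0x0F) * 4
    _, dport, length, _ = struct.unpack("!HHHH", wire[ihl:ihl + 8])
    return {"dst_ip": socket.inet_ntoa(wire[16:20]), "proto": wire[9],
            "dst_port": dport, "payload_len": length - 8}

def server_view(wire, key=KEY):
    # The VPN server holds the key, so it recovers the inner destination and port.
    inner = toy_cipher(wire[28:], key)
    return socket.inet_ntoa(inner[16:20]), struct.unpack("!H", inner[22:24])[0]

if __name__ == "__main__":
    for ip, port in (("198.51.100.7", 119), ("198.51.100.9", 443)):
        wire = tunnel(inner_packet(ip, port, b"x" * 32))
        print(observer_view(wire), "| server sees", server_view(wire))
```

Switching the inner connection from port 119 to port 443 changes nothing in `observer_view`; only the packet sizes and timing would differ on a real link.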

William Unruh wrote, on Fri, 05 Sep 2014 20:34:18 +0000:

That confuses me since, it seemed, people said that the way VPN works is that all traffic (no matter which port it's on) is all on a *single* port to and from the VPN server.

So, that would mean that nntp, smtp, http, ssh, telnet, https, pop, imap, etc. traffic, on my side, would be on whatever single port the VPN connection was on, from the standpoint of the WISP in the middle.

Is that not correct?

Yaroslav Sadowski

In this case, "the right place" is the next hop. :)

Char Jackson
