• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 321
  • Last Modified:

If I have software on someones computer is it possible for me to detect if they are on using a VPN?

If the VPN is set up so it never uses the normal connection.. ie so if the vpn disconnects software on the computer wont reconnect using the regular connection.

Is it possible for software on the computer to see the other connections and to know its currently running on a VPN?

I imagine if it is.. there are ways to hide it?.. one way would be to set up the VPN on a router or something else.. and have the computer connected to that... so the computer doesnt even know its using a VPN?

Also is there anyway to tell if an IP is coming from a VPN?  if I was running a website and I could see the IPs connected to me..is there any way to tell if any of the IPs are from a VPN?

  • 2
2 Solutions
Hello, Your question does not seem to be obvious enough.
Can You be a bit specific?
E.g. What kind of software the opposite side uses, client or server? On which side of connection do you need to know about VPN is active, local or remote?
For what exactly do you want to know VPN is in use? Is the connection inaccessibility after the VPN goes down the main trouble, or something else.
And of course, are the VPN server and its client both under your control?

If I understood your configuration right, and some host has some software that works correctly only when VPN connection is active, then there is a simple way to see it's active: just ping another side of a VPN connection. It must be the VPN tunnel server's endpoint IP. If another connection is active but not the VPN, and outgoing traffic is routed thru that another interface, then of course, the VPN's interface internal addresses would be unreachable.
If your VPN tunnel has fixed local IP, you can ping this local one too.
bail3yzAuthor Commented:
I am running a client software on my computer and I want to HIDE that I am using a VPN.. I dont want them to know that I am using a VPN...
So I want the VPN set up so the software never connects via my regular IP if the VPN goes down..
So I am wondering if they can add something to their software to notify them if I am on a VPN?

which is also why I am also wondering if they can tell its a VPN IP from their side
Dave HoweCommented:
ok, from the top
1) locally running software can usually find out what sort of network connection it is on, provided it is permitted to see that info - in win7 (for example) UAC goes nuts if you try probing the network adaptors to find out what you are using.

2)a VPN can be on the local machine, be on a router, be... well, anywhere else between you and the eventual target machine. you also have to consider the concept of NAT - a normal home user will have an ip of something like but by the time he reaches the internet, his ip is something like 123.343.232.111 - the IP his router has, and which maps all the home pc IPs to that IP. That is *normal* and pretty much expected, so trying to distinguish that from one that is also a vpn, then a NAT somewhere else on the internet, is asking for trouble.

3) one common trick that tries to "bust" vpn links and more importantly, stuff like TOR is to run a DNS server, then have your software query a randomly generated subdomain of your main domain; unless the link also does DNS, then that will be sent to the real DNS server of the client machine (usually, the ISP) and you can match that against where http connections appear to come from, and IP connections. sometimes you will find that http connections come from a proxy though (some isps are doing transparent proxy of http again, for commercial reasons)

4) usually a vpn will have overlap - so if you see multiple users that you don't expect to come from the same place using the same IP, then they are by definition using the same internet connection (via vpn or other) - but again, some mobile internet providers have applied NAT to their customers, so that you will see multiple users on the same IP if they are using the same mobile internet provider.

So, no easy answers.
Pretty good explanations from DaveHowe. They (enemies) are avoided to know your regular IP, but not to know that a VPN is used.
Maybe there would be an option just to forbid the common connection (not VPN) usage for this client software only?
So, if you know your client's destination address (or address range), then you can simply route (bind) these addresses to specific interface with any kind of Firewall software.
If those addresses are bynd by wall to VPN only, the another side will never be reached from other interface if VPN is down. So, they'll never see your real IP, but the VPN WAN side's only.
In addition some firewalls can assign rules per process (e.g. Agnitum Outpost). In this case you even don't need to know address to create such rule, but an application name only.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now