If I have software on someones computer is it possible for me to detect if they are on using a VPN?

Posted on 2011-04-30
Last Modified: 2012-05-11
If the VPN is set up so it never uses the normal connection.. ie so if the vpn disconnects software on the computer wont reconnect using the regular connection.

Is it possible for software on the computer to see the other connections and to know its currently running on a VPN?

I imagine if it is.. there are ways to hide it?.. one way would be to set up the VPN on a router or something else.. and have the computer connected to that... so the computer doesnt even know its using a VPN?

Also is there anyway to tell if an IP is coming from a VPN?  if I was running a website and I could see the IPs connected to there any way to tell if any of the IPs are from a VPN?

Question by:bail3yz
    LVL 5

    Expert Comment

    Hello, Your question does not seem to be obvious enough.
    Can You be a bit specific?
    E.g. What kind of software the opposite side uses, client or server? On which side of connection do you need to know about VPN is active, local or remote?
    For what exactly do you want to know VPN is in use? Is the connection inaccessibility after the VPN goes down the main trouble, or something else.
    And of course, are the VPN server and its client both under your control?

    If I understood your configuration right, and some host has some software that works correctly only when VPN connection is active, then there is a simple way to see it's active: just ping another side of a VPN connection. It must be the VPN tunnel server's endpoint IP. If another connection is active but not the VPN, and outgoing traffic is routed thru that another interface, then of course, the VPN's interface internal addresses would be unreachable.
    If your VPN tunnel has fixed local IP, you can ping this local one too.

    Author Comment

    I am running a client software on my computer and I want to HIDE that I am using a VPN.. I dont want them to know that I am using a VPN...
    So I want the VPN set up so the software never connects via my regular IP if the VPN goes down..
    So I am wondering if they can add something to their software to notify them if I am on a VPN?

    which is also why I am also wondering if they can tell its a VPN IP from their side
    LVL 33

    Accepted Solution

    ok, from the top
    1) locally running software can usually find out what sort of network connection it is on, provided it is permitted to see that info - in win7 (for example) UAC goes nuts if you try probing the network adaptors to find out what you are using.

    2)a VPN can be on the local machine, be on a router, be... well, anywhere else between you and the eventual target machine. you also have to consider the concept of NAT - a normal home user will have an ip of something like but by the time he reaches the internet, his ip is something like 123.343.232.111 - the IP his router has, and which maps all the home pc IPs to that IP. That is *normal* and pretty much expected, so trying to distinguish that from one that is also a vpn, then a NAT somewhere else on the internet, is asking for trouble.

    3) one common trick that tries to "bust" vpn links and more importantly, stuff like TOR is to run a DNS server, then have your software query a randomly generated subdomain of your main domain; unless the link also does DNS, then that will be sent to the real DNS server of the client machine (usually, the ISP) and you can match that against where http connections appear to come from, and IP connections. sometimes you will find that http connections come from a proxy though (some isps are doing transparent proxy of http again, for commercial reasons)

    4) usually a vpn will have overlap - so if you see multiple users that you don't expect to come from the same place using the same IP, then they are by definition using the same internet connection (via vpn or other) - but again, some mobile internet providers have applied NAT to their customers, so that you will see multiple users on the same IP if they are using the same mobile internet provider.

    So, no easy answers.
    LVL 5

    Assisted Solution

    Pretty good explanations from DaveHowe. They (enemies) are avoided to know your regular IP, but not to know that a VPN is used.
    Maybe there would be an option just to forbid the common connection (not VPN) usage for this client software only?
    So, if you know your client's destination address (or address range), then you can simply route (bind) these addresses to specific interface with any kind of Firewall software.
    If those addresses are bynd by wall to VPN only, the another side will never be reached from other interface if VPN is down. So, they'll never see your real IP, but the VPN WAN side's only.
    In addition some firewalls can assign rules per process (e.g. Agnitum Outpost). In this case you even don't need to know address to create such rule, but an application name only.

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Suggested Solutions

    Title # Comments Views Activity
    RDP connection over VPN 4 41
    network + video series 4 39
    Running Out of IP Addresses 9 100
    I think we have a virus 5 36
    I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
    Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now