[SOLVED] If terminal needs to download or upgrade does it bypass my vpn?
Distribution: native install of Parrot Home Edition 5.0 Debian (no security tools) 64 bit, KDE, 5.14.0-9parrot1,
If terminal needs to download or update a program does it bypass my vpn? What about when I use synaptic or yt-dlp in terminal?
What command would I use to check to make sure my terminal is utilizing my vpn?
A "VPN" functionally exists as "a network appliance," covering a specified range of external IP-addresses as specified by the route command. If, and only if, that external address is "covered" by your "route," it will be protected.
Therefore: "all of this is occurring at the network level." It has nothing to do with any particular application.
What command would I use to check to make sure my terminal is utilizing my vpn?
What kind of VPN do you use? How do you connect to it?
/sbin/route will show you the routing table.
Quote:
Originally Posted by frankbell
My understanding is that, if you are using a VPN, any actions you do should go through the VPN.
This is not necessarily the case. E.g., if you connect to a VPN using a browser extension, then only traffic generated by that browser session will go through the VPN.
We have a VPN which works only for our company. So Facebook, Google, Microsoft, Debian and other sites work without VPN and also all hosts inside the company are reachable with VPN, at the same time. (something like post #3).
In a typical corporate setting, VPN is used to provide a cryptographically-secure "tunnel" to a specified range of IP-addresses, such as 10.8.x.x. These addresses appear as if they are "local," on some "private network." But it is a "virtual private network = VPN." Because the secure connection is made over a public network instead of a purchased piece of wire.
It is possible to arrange for VPN to capture all outbound traffic and send it through the tunnel to "somewhere else" for re-distribution. Some people do this in coffee shops. Some people try to do this to evade firewalls.
VPN works by linking into the operating system's "network stack" at one or two specific levels, allowing it to intercept the traffic by routing it through a "virtual network device" which leads to its software. It encrypts or decrypts the traffic and places it back into the network stack for final delivery. In this way, everything is automatically handled, without any further special effort on the part of end-users. The route command will display this "device" as something like tun0, and show you exactly what is being routed to it.
VPN can be used in a corporate network as though it were a simple "gateway." Everybody's traffic within the office is routed to one particular machine (or, hardware device) that is running the VPN software. It appears to them to "just" be a router or a switch, and it functions as one.
Last edited by sundialsvcs; 12-13-2023 at 07:57 AM.
Original Poster
Quote:
Originally Posted by rkelsen
What kind of VPN do you use? How do you connect to it?
I use the software client provided by the vpn company, simply click and connect/disconnect an icon on the desktop.
It is not a browser extension.
Quote:
Originally Posted by rkelsen
/sbin/route will show you the routing table.
I have the output from that command you provided above, from that output what do I look out for that will tell:
- if terminal command is going thru the vpn client. Do I need to be running a command to gauge that?
- if synaptic is/isn't going thru the vpn client? Do I need to be downloading something to gauge that?
To gauge the above do I look at which title from the output of command /sbin/route below?
Code:
Destination Gateway Genmask Flags Metric ref Use Interface
Results
Code:
0.0.0.0 UG 0 0 0 tun0
default UG 100 0 0 enp2s0
0.0.0.0 U 100 0 0 enp2s0
UGH 0 0 0 tun0
UH 0 0 0 tun0
UG 0 0 0 tun0
UGH 0 0 0 enp2s0
Original Poster
Quote:
Originally Posted by sundialsvcs
The route command will display this "device" as something like tun0, and show you exactly what is being routed to it.
What if it's not a device but rather terminal or synaptic manager and I need to know if these two are going thru the vpn client. I am not using a browser extension vpn.
Original Poster
Quote:
Originally Posted by pan64
We have a VPN which works only for our company. So Facebook, Google, Microsoft, Debian and other sites work without VPN and also all hosts inside the company are reachable with VPN, at the same time. (something like post #3).
Do the commands from your terminal and package manager go thru the VPN, and can they both be tweaked to go or not go thru vpn?
Original Poster
Quote:
Originally Posted by sundialsvcs
A "VPN" functionally exists as "a network appliance," covering a specified range of external IP-addresses as specified by the route command. If, and only if, that external address is "covered" by your "route," it will be protected.
How will I know if synaptic and terminal are both "covered" by route i.e. green light to go thru the vpn?
Quote:
Originally Posted by sundialsvcs
Therefore: "all of this is occurring at the network level." It has nothing to do with any particular application.
So the terminal and synaptic go thru the vpn client whether you like it or not?
You seem to have taken IP addresses out of the output posted from the route command.
I have this using "ip route show"
Code:
default via 192.168.4.1 dev wlp5s0 proto dhcp src 192.168.4.111 metric 600
192.168.4.0/22 dev wlp5s0 proto kernel scope link src 192.168.4.111 metric 600
192.168.124.0/24 dev virbr0 proto kernel scope link src 192.168.124.1
and this using "route"
Code:
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway.home.do 0.0.0.0 UG 600 0 0 wlp5s0
192.168.4.0 0.0.0.0 255.255.252.0 U 600 0 0 wlp5s0
192.168.124.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
Because you removed the ip information no one can tell exactly what the routing is telling us (we have no information).
Please redo that and post the full routing table without editing.
Last edited by computersavvy; 12-13-2023 at 07:39 PM.
Do the commands from your terminal and package manager go thru the VPN, and can they both be tweaked to go or not go thru vpn?
It depends on the target I want to reach, not on the software I use. For example if I want to use an internal package repository it will go thru vpn, if I use an external one it won't use that vpn. It also does not depend on other circumstances, like if I execute it from terminal or crontab or gui.
Original Poster
Quote:
Originally Posted by pan64
It depends on the target I want to reach, not on the software I use. For example if I want to use an internal package repository it will go thru vpn, if I use an external one it won't use that vpn.
Does using synaptic package manager fall into the external package repository category? If yes then it would not go thru my vpn?
An example of an internal package repository would be a company with its own repo? I guess individuals can have their own repos too?
Quote:
Originally Posted by pan64
It also does not depend on other circumstances, like if I execute it from terminal or crontab or gui.
Did you mean to say "does depend"?
Synaptic package manager only works thru the gui whether you're at work for a company or not?
If you're at your workplace and you used terminal to download an item from your workplace distro's repo would that go thru the company vpn?
If you were at home on your personal computer using a vpn client downloaded onto your linux desktop and you used terminal to download an item from your personal computer's distro's repo would it go thru the vpn? What about your package manager?
Original Poster
Quote:
Originally Posted by computersavvy
Please redo that and post the full routing table without editing.
Should the post without editing go ahead if:
- synaptic package manager was not actively downloading/upgrading etc during the time I got the results for the routing table?
- terminal was not downloading or getting anything from external repo when I got the results of the routing table?
Should the post without editing go ahead if:
- synaptic package manager was not actively downloading/upgrading etc during the time I got the results for the routing table?
- terminal was not downloading or getting anything from external repo when I got the results of the routing table?
What was or was not in use at the time is immaterial to the routing table. You are asking about traffic which does not show when looking at routing.
The only thing critical is that the vpn should be connected so we can analyze what actually is being done by the routing. Vpn vs the regular routing since the routing table, complete, shows what is directed to which interface.
Editing the output hides what the routing is doing and makes analysis impossible.
Last edited by computersavvy; 12-14-2023 at 05:44 PM.