Does the traffic go through my company network when I browse when connected through SSL-VPN
I work for a company which is not in my country. The enterprise intranet is in a different country. We do not have many employees in my country - so everyone works from home. When we need intranet access, we connect through VPN to the company network to download stuff etc.
Previously we used to connect with the default VPN client which comes with Windows - so I assume it was an IPSec VPN. When I connected to the Company VPN all my internet traffic used to go through the company network - i.e. if I browsed google - it used to go to the google domain for the company's country rather than my country till I disconnected from the VPN.
Now the company has changed over to a different VPN - we connect through a Clavister SSL VPN client to connect to the company intranet. One difference I noticed was that now when I go to google, it goes to my normal google page (of my country) unlike before. Also the VPN client's console shows traffic only when I download something from the company's intranet - when I am browsing etc, it shows 0 sent, 0 received.
So I have 2 questions
1) Is there a way to confirm if my regular browsing traffic goes through the company network or not?
2) Why does this VPN work differently from the earlier VPN - i.e. why does the traffic not go through the company VPN (like the earlier VPN)?
Solution 1:
1) You may visit any site that shows you the (public) IP address your request comes from, a common example being http://checkip.dyndns.org/
Edit from 2020: Some more information can be obtained by going to https://ipinfo.io/ - that can give you a hint on which connection is being used - if you see the name of your private ISP there, or the name of your company, you might get an idea which way your request took.
If it shows the same IP while you're connected to the VPN and when you're disconnected, your traffic seems not to be routed through your company's VPN. The IP address shown will be the one assigned to your home internet connection.
Also, on a Windows computer, you may open a shell and enter "route print" - which shows you which "way" traffic destined to different networks will take. Usually there will be a so called default route, which is first in the list and 0.0.0.0 0.0.0.0 and has your local ISPs router/modem as a Gateway address.
After connecting to the VPN, do another "route print", and notice the differences in the routing table - the new entries will most likely have a Gateway address associated to your VPN.
2) If a VPN connection routes every traffic, or only specific addresses (usually private addresses used at home or in corporate networks), depends entirely on the configuration applied by the VPN's administrator (or sometimes on configuration applied to the VPN client).
The reason can be a very easy one - usually only traffic to your company's Intranet needs to be routed through the VPN, as those addresses are not publicly accessible. The "common" traffic - everything publicly available via your home internet connection - has no need to be routed through the company's VPN, and just consumes bandwidth on your company's WAN link, processing power on the VPN endpoint and so on.
Nevertheless, some companies might still route all traffic through the VPN, be it for traffic inspection, some kind of security rule, or because the employee may be based in a country where internet access is restricted/monitored, so these restrictions or dangers can be avoided.