VPN trace route

I am inside an Active Directory (AD) domain and trying to traceroute to another AD domain at a remote site, which is supposedly connected by VPN in between.

The local domain can be accessed at 192.168.3.x and the remote location at 192.168.2.x. When I do a tracert, I am surprised to see that the results do not show the intermediate ISP nodes. If I use the public IP of the remote location, then a normal tracert going through every intermediate node shows up.

1    <1 ms    <1 ms    <1 ms  192.168.3.1
2     1 ms    <1 ms    <1 ms  192.168.3.254
3     7 ms     7 ms     7 ms  212.31.2xx.xx
4   197 ms   201 ms   196 ms  62.6.1.2xx
5   201 ms   201 ms   210 ms  vacc27.norwich.vpn-acc.bt.net [62.6.192.87]
6   209 ms   209 ms   209 ms  81.146.xxx.xx
7   209 ms   209 ms   209 ms  COMPANYDOMAIN [192.168.2.6]

Can someone explain how this VPN tunnelling works? Does this mean VPN is technically faster than without?


Solution 1:

VPNs use tunneling to get packets from one end to the other. You won't see those hops. If you want to locate a problem router or failed router on the way to the end point, you must route your ICMP packets outside the tunnel using the WAN interface.

VPN is a bit of a broad term; it can use many types of encapsulation. Most commonly PPTP (Point-to-Point Tunneling Protocol) is used, more often than not with IPsec to secure the transmission.

(Avoid adding a PBR by just doing a traceroute from the router/firewall that the VPN is established from)

Solution 2:

If there is a site-to-site VPN set up between your two locations, a traceroute to the remote site will show fewer hops than a traceroute to the public IP of the remote site, because the first traceroute is not showing the nodes that the site-to-site tunnel is traversing for you.

It does not necessarily mean your VPN connection will make it any faster; in reality, with the overhead of the VPN, it can sometimes be slower, but performance will depend on the type of VPN connection and the speeds of all connections involved.
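Both answers describe the same mechanism: the tunnel head wraps each packet in a new outer IP header with its own TTL, so the ISP routers in between never decrement the inner TTL and never answer the probe. The following is an added simulation of that behaviour in Python, not code from the original thread; the addresses, the tunnel endpoints (192.168.3.254 and 192.168.2.6) and the `down` parameter that models a failed ISP router are all constructed.

```python
# Added example (not from the original post): why a traceroute through a
# site-to-site VPN shows fewer hops than one to the remote site's public IP.
# Routers decrement only the outermost TTL; while a probe is encapsulated the
# inner TTL is frozen, so no ISP router ever sends "TTL exceeded" for it.

TUNNEL_HEAD = "192.168.3.254"   # local VPN gateway (constructed)
TUNNEL_TAIL = "192.168.2.6"     # remote VPN gateway (constructed)
PATH = ["192.168.3.1", TUNNEL_HEAD, "212.31.200.1", "62.6.1.200",
        "62.6.192.87", "81.146.100.1", TUNNEL_TAIL, "192.168.2.10"]

def is_private(ip):
    return ip.startswith("192.168.")

def probe(dst, ttl, down=None):
    """Walk one probe along PATH. Returns (responder, reached); responder is
    None when the probe is dropped (tracert shows '*'). `down` = failed router."""
    inner, outer = ttl, None          # outer is set only while encapsulated
    for hop in PATH:
        if hop == down:
            return None, False        # failed router: probe silently lost
        if hop == dst:
            return hop, True
        if outer is not None:         # inside the tunnel: only outer TTL changes
            outer -= 1
            if outer == 0:
                return hop, False
            if hop != TUNNEL_TAIL:
                continue              # ISP router never sees the inner packet
            outer = None              # tail strips outer header, forwards inner
        inner -= 1                    # ordinary forwarding of the inner packet
        if inner == 0:
            return hop, False         # this router sends ICMP Time Exceeded
        if hop == TUNNEL_HEAD and is_private(dst):
            outer = 64                # head encapsulates with a fresh outer TTL
    return None, False

def traceroute(dst, max_ttl=30, down=None):
    """Send probes with TTL 1, 2, ... and collect responders, like tracert."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        responder, reached = probe(dst, ttl, down)
        hops.append(responder)
        if reached:
            break
    return hops

if __name__ == "__main__":
    print("via tunnel:", traceroute("192.168.2.10"))   # ISP hops hidden
    print("public IP :", traceroute("81.146.100.1"))   # every ISP hop visible
```

Passing `down="62.6.1.200"` shows the point of Solution 1: the tunnel trace only tells you the probes die somewhere past your own VPN gateway, while the trace to the public IP stops exactly at the router before the failure.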