Why does a computer using VPN still show the same IP?

I just checked that, even if I am home and connect to my workplace through VPN, and check for my IP address, it is the same as my home's IP address.

(For example, search Google for "my ip", and Google will tell you your IP address.)

So if I use my home computer and check for the IP, and if I use my MacBook Pro, which is connected to my work's VPN (through my home wireless network), the IPs are the same. I thought a VPN works so that it is "as if I am at work", making it so that an intranet that I can't access at home becomes accessible because it is "as if I am at work", but then why and how can I show the IP as if I am at work?


Solution 1:

The VPN makes it so that it is "as if you are at work" when you access work machines. A VPN can also handle general Internet traffic, but it doesn't have to, and generally that just wastes resources and isn't done unless there's some specific reason to do so.

When you want to access Google, which makes more sense:

  1. You just send the packets to Google.
  2. Google just sends them back to you.

Or:

  1. You encapsulate the packets, encrypt them, and send them to your VPN endpoint.
  2. The VPN endpoint decrypts them and sends them to Google unencrypted.
  3. Google sends them back to the VPN endpoint.
  4. The VPN endpoint encrypts them and sends them back to you over the VPN.
  5. You receive them and have to decrypt them.

Notice how this makes all your traffic go over the VPN endpoint's Internet connection twice? And what benefit does this provide?

Solution 2:

That's because it defaults to split tunnel vs. full tunnel, which is better in many cases. You wouldn't want your torrents or random browsing habits to be monitored by IT. Also, that will increase latency, introduce bottlenecks, etc.

The difference here is basically where your default route is pointed in your routing table. If it's pointed at your work gateway, that's full tunnel, and if it's pointed at your "home" router gateway that's split tunnel.

If you want to send your traffic through your work for some reason, there are a couple things you can do.

  1. Is there a full tunnel option when you log in? Use that.

  2. Do you have a proxy server you have to use at work to get out? Set that up manually in your browser; now your HTTP(S) traffic will come from your workplace.

  3. Change your default route to go through your VPN interface. Pull up your terminal and become root. route change default -interface $INTF, where $INTF is probably like vpn0 or something. You can run ifconfig to check.

After you do this you may notice that you can't get to your printers, etc. Do a route add 192.168.1.0/24 -interface $INTF, where $INTF is whatever you are using (wlan0 or eth0).
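
How the routing table decides this, as an added example that is not part of the original answers: it models route selection by longest-prefix match, which generalizes the default-route point made in Solution 2. The tables are constructed; the interface names vpn0 and wlan0 follow the answer, and 10.0.0.0/8 as the work intranet is an assumption.

```python
import ipaddress

# Constructed routing tables (prefix, interface). vpn0 / wlan0 follow the names
# used in the answer; 10.0.0.0/8 as the work intranet is an assumption.
SPLIT = [("0.0.0.0/0", "wlan0"), ("192.168.1.0/24", "wlan0"), ("10.0.0.0/8", "vpn0")]
# After "route change default -interface vpn0" plus the LAN route re-added.
FULL = [("0.0.0.0/0", "vpn0"), ("192.168.1.0/24", "wlan0"), ("10.0.0.0/8", "vpn0")]
# Some VPN clients leave the default route alone and cover it with two /1 routes.
FULL_HALVES = [("0.0.0.0/0", "wlan0"), ("0.0.0.0/1", "vpn0"),
               ("128.0.0.0/1", "vpn0"), ("192.168.1.0/24", "wlan0")]


def egress_interface(routes, destination):
    """Return the interface of the most specific route that contains destination."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def tunnel_mode(routes, vpn_iface):
    """'full' if public traffic leaves via the VPN interface, otherwise 'split'."""
    # One probe in each half of the IPv4 space, so a check that only looks at
    # the 0.0.0.0/0 entry would not miss /1 overrides.
    probes = ("8.8.8.8", "198.51.100.7")
    via_vpn = [egress_interface(routes, p) == vpn_iface for p in probes]
    return "full" if all(via_vpn) else "split"


if __name__ == "__main__":
    for name, table in (("split", SPLIT), ("full", FULL), ("full (/1 routes)", FULL_HALVES)):
        print(name, "->", tunnel_mode(table, "vpn0"),
              "| web via", egress_interface(table, "8.8.8.8"),
              "| intranet via", egress_interface(table, "10.1.2.3"),
              "| printer via", egress_interface(table, "192.168.1.50"))
```

The address a site such as Google reports is that of the gateway behind whichever interface wins the lookup for that site, which is why a split tunnel still shows the home IP.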