As the title says, I’m using a VPN client and my traffic is still visible in the router logs, and now I’m worried it may also be visible to my ISP. For context, this is on Android, and I’m using certain apps and visiting certain sites that I’d rather nobody knew about, and I’ve been under the impression that my traffic has been obfuscated until I checked my personal router’s traffic logs today and saw those URLs showing up. Am I misunderstanding how the VPN works? I thought the request should be going directly to the VPN server and thus would not show the sensitive URLs that I’ve been visiting.
Any advice is appreciated.
You might want to get yourself a packet sniffer to figure out if your network is leaking.
Hi u/opsecthrowaway_!
While you will see traffic on your router, it would only be traffic towards our servers as you described later on. If you are seeing traffic to other destinations you’re browsing / using an app for, here are a couple of things I’d need to understand better to help you:
- Are you using the split-tunneling feature in the ExpressVPN app on Android?
- What kind of router are you using, if you’re willing to share?
- What feature of that router are you using to view logs?
- Do the log timestamps match when you have the VPN on, on your phone?
- What version of Android and what version of our ExpressVPN app are you using?
I’m trying to spot a misconfiguration as that’s likely the cause. Another possibility is that if you ever turn off the VPN, even momentarily, a lot of apps communicate on their own in the background, which may explain why you see them in the logs. A good test would be to match the log timestamps to exactly when you’re connected to the VPN on your phone. If it’s something else, these answers will also help me figure out which direction we can go to further assess this. Thanks!
Disclaimer piece: I’m not with our Support team, but rather a Director within our engineering department. I engage on Reddit voluntarily, so my responses are not always quick.
Thanks for the reply, I appreciate you taking the time.
- Under the split tunneling setting, I have “All apps use the VPN” selected.
- I’m using an Asus RT-AX86U.
- There is a QoS feature in the router’s management web page that allows monitoring of web history. Basically, it records a timestamp, the request URL, and which device made the request (e.g. “Bob’s iPhone”, “LG Smart TV”, etc.).
- I have correlated the log timestamps with the times when I had the VPN connected by deliberately visiting certain websites that I don’t usually visit and noting the time. Even with the VPN connected, I still see the traffic appear in the logs.
- I’m using Android 13 on a Samsung device with the latest security patch and ExpressVPN app v10.81.0.
I also have the VPN app configured to block traffic if it disconnects, and this seems to work based on times I have lost connection to the VPN server.
Again, I appreciate your time in helping me answer my question. It seems likely it’s user error on my part, but I can’t seem to understand what I’m doing wrong.
No problem at all!
Thanks for the additional context. I actually have a spare AX86U sitting at home along with an Android at version 13, so I can try to simulate your setup later this evening when I’m home! Heads up, I live in Asia so my evening is still a ways away. I’ll let you know!
In the meantime, would you be ok to provide a screenshot or copy/paste of some example logs you’re seeing? I realize you mentioned your desire to hide the information specifically, so I’ll definitely understand if you don’t want to. If you’re interested though, you can post here, DM me, or I can provide a more direct and secure method if you want as well.
Thanks!
Disclaimer piece: I’m not with our Support team, but rather a Director within our engineering department. I engage on Reddit voluntarily, so my responses are not always quick.
I believe I may have solved the issue. I was using a system in the Samsung version of Android called “Secure Folder”, which I believe creates a separate virtual environment of sorts. This was allowing apps and websites to bypass the VPN that was active outside of the secure folder. Once I installed and activated the VPN inside the secure folder and reran the tests, I no longer see the traffic appearing in my router’s logs, which leads me to believe that it’s working properly. As I suspected, it was user error on my part.
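The timestamp-matching test discussed in this thread, written out as a script. This is an added example and not part of any post; the `timestamp,device,domain` log layout, the device name, the hostnames and the session times are all constructed assumptions, since the router's actual export format is not shown here.

```python
from datetime import datetime, timedelta

# Constructed sample data. Assumed layout: "timestamp,device,domain".
ROUTER_LOG = """\
2023-05-01 20:58:10,Galaxy-Phone,news.example.org
2023-05-01 21:00:30,Galaxy-Phone,sync.example.org
2023-05-01 21:03:42,Galaxy-Phone,vpn-endpoint.example.net
2023-05-01 21:05:17,Galaxy-Phone,canary-site.example.com
2023-05-01 21:06:02,LG Smart TV,video.example.org
2023-05-01 21:31:05,Galaxy-Phone,news.example.org
"""
# Times the VPN app showed "connected" on the phone, noted by hand (constructed).
VPN_SESSIONS = [("2023-05-01 21:00:00", "2023-05-01 21:30:00")]
# Hypothetical VPN server hostname: the only destination expected in the clear.
VPN_ENDPOINTS = {"vpn-endpoint.example.net"}
FMT = "%Y-%m-%d %H:%M:%S"

def parse_log(text):
    """Yield (timestamp, device, domain) for each non-empty log line."""
    for line in text.splitlines():
        if line.strip():
            ts, device, domain = (f.strip() for f in line.split(",", 2))
            yield datetime.strptime(ts, FMT), device, domain.lower()

def find_leaks(log_text, sessions, device, endpoints, skew_s=60):
    """Return (timestamp, domain) entries logged for `device` while the VPN
    was up, excluding traffic to the VPN endpoint itself. Each window is
    narrowed by skew_s at both ends so that clock drift between phone and
    router, or requests in flight at connect time, are not reported."""
    skew = timedelta(seconds=skew_s)
    windows = [(datetime.strptime(a, FMT) + skew, datetime.strptime(b, FMT) - skew)
               for a, b in sessions]
    leaks = []
    for ts, dev, domain in parse_log(log_text):
        if dev != device or domain in endpoints:
            continue
        if any(start <= ts <= end for start, end in windows):
            leaks.append((ts.strftime(FMT), domain))
    return leaks

if __name__ == "__main__":
    for ts, domain in find_leaks(ROUTER_LOG, VPN_SESSIONS, "Galaxy-Phone", VPN_ENDPOINTS):
        print(f"{ts}  {domain}  logged while the VPN reported connected")
```

An empty result after changing the setup (here, running the VPN inside the Secure Folder as well) is the outcome the re-test in the last post describes.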