VPN data encrypted or not?

mattt

New Around Here
Hi all,

I have the following setup

Modem/router ===Router====PC and other

I use nordvpn as security. If i plug my pc into router (so wired), turn on the vpn client on my pc, and run wireshark on ethernet, i can clearly see that the packages are secured with the wireguard protocol.
The thing is i want to run the vpn on my router (router above) so that everything that connects to the router automatically uses the tunnel created. It is an asus router running on merlin. I have already setup vpn on the router, and it works in the sense that i do get a different ip address (also did dnsleaktest which also seems good). The thing i want to check now is if the data send and received is really encrypted. I plugged my pc in router( above) and when running wireshark i still see the websites i visit in plain text (when i filter tcp contains "website i visited" in hello client for example). I also expected to see openvpn as protocol as i set the vopn up as openvpn. This makes me believe that although the vpn is working in the sense that it changed my location, data may not be encrypted.
My question: Where in my network and how should i be capturing data with wireshark in order to see if it is encrypted? Is it at router above? At modem/router (which option do you then choose to capture data)?
 

Tech9

Part of the Furniture
I use nordvpn as security.

It doesn't give any extra security. Just the opposite, when run on a client it bypasses your router's security.

so that everything that connects to the router automatically uses the tunnel created

Read below before you continue. You won't get any extra security, but extra inconveniences for you and your family members.

 

ColinTaylor

Part of the Furniture
The encrypted VPN tunnel is between the client (running on the router) and the NordVPN server. The VPN tunnel does not effect local (LAN) traffic or the traffic when it exits NordVPN's server onto the internet.
 

Tech9

Part of the Furniture
The thing i want to check now is if the data send and received is really encrypted.

Most of today's Internet traffic is encrypted anyway. You don't need VPN on top to encrypt it again. You're just sending your user data to NordVPN.
 

eibgrad

Part of the Furniture
My question: Where in my network and how should i be capturing data with wireshark in order to see if it is encrypted? Is it at router above? At modem/router (which option do you then choose to capture data)?

You need to capture it on the router. You weren't specific as to router/firmware. But if it's ASUS/Merlin, you can install Entware w/ AMTM and add the tcpdump package for such purposes. You can't depend on Wireshark on the PC alone since the encryption/decryption process happens upstream of your PC. IOW, it's transparent from that perspective.
 

Weblee2407

Occasional Visitor
here is what I followed to establish whole home vpn


problems
4k got “iffy”
alexa got slow
speedtest download went from ~450 mbps to low 200 (encryption?)
banking websites have a fit and one actually disabled web access until we called in

It’s there and I test routing different devices thru the tunnel but now only my laptop when cabled consistently uses it. I didn’t get the bang I expected.
 

Gary_Dexter

Regular Contributor
here is what I followed to establish whole home vpn


problems
4k got “iffy”
alexa got slow
speedtest download went from ~450 mbps to low 200 (encryption?)
banking websites have a fit and one actually disabled web access until we called in

It’s there and I test routing different devices thru the tunnel but now only my laptop when cabled consistently uses it. I didn’t get the bang I expected.
200-250Mbps is the max you’ll get on a router with the specs it has (CPU power).

Banking websites blocking you etc. is usually the norm as well as they think you’re coming from an outside source or someone trying to cover their tracks accessing your account.
 

Tech9

Part of the Furniture

This is why I linked my post from another thread here in post #2. It works for some, but it depends on what the Internet is used for.
 

mattt

New Around Here
You need to capture it on the router. You weren't specific as to router/firmware. But if it's ASUS/Merlin, you can install Entware w/ AMTM and add the tcpdump package for such purposes. You can't depend on Wireshark on the PC alone since the encryption/decryption process happens upstream of your PC. IOW, it's transparent from that perspective.
Yeah this is what i was expecting. I think wireshark is catching the data between my pc and vpn router, which is not encrypted. Encryption starts after the vpn router. I will install entware and tcpdump. Is amtm necesary?
So with tcpdump i can see if the data that gets past my router is encrypted?

Btw, my router model is Asus RT-AC86U running on merlin
 

mattt

New Around Here
It doesn't give any extra security. Just the opposite, when run on a client it bypasses your router's security.



Read below before you continue. You won't get any extra security, but extra inconveniences for you and your family members.


Yeah i know the added hassles....

It is not clear to me because i read some conflicting information, but is my asus model (RT-AC86U) compatible with openvpn? And with Wire Guard?

I'm still making up my mind if i should return this router and go for the RT-AX86U.
 

ColinTaylor

Part of the Furniture
It is not clear to me because i read some conflicting information, but is my asus model (RT-AC86U) compatible with openvpn?
Yes, look at the VPN options in the GUI. It says "OpenVPN" right there.
 

Tech9

Part of the Furniture
I'm still making up my mind if i should return this router and go for the RT-AX86U.

AC86U has reliability issues history. Get AX86U instead.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top