General discussions about Little Snitch

Post by Psamathe » Sun Jun 07, 2015 12:04 pm

When I connect to my VPN, the network monitor shows application traffic as normal but also a fair amount of traffic to and from my VPN (under the openvpn "application"). And the openvpn traffic seems to keep moving the application to the top of the network monitor list (i.e. it's ongoing traffic rather than just setup) and enough to be far more than any "keep-alives" (or similar).

Could somebody explain whether the openvpn recorded traffic is just "chat" between my computer and VPN server or, when running with a VPN, is it the accumulated traffic from all apps as their data passes through openvpn? It's difficult to try adding the numbers to check what might be happening.

(I'm not concerned about data volumes, just wanting to understand how things operate a bit more clearly).

Many thanks


Re: Can Somebody Explain Network Monitor and VPNs

Post by ratty » Thu Jul 23, 2015 10:42 pm

I've noticed that too. I think it might be an unsolvable bug. Anyways, the openvpn "app" pings the server fairly regularly, so it will almost always be on the top; it's to check that the route to the server is working. So when you, let's say, refresh a page in Safari, Safari sends a request to a server, and LT checks if it's allowed, and records. When LT allows the data to be sent, openvpn intercepts, encrypts and re-directs that data to the VPN server it's connected to. When this happens, LT checks the rules of openvpn and records again, never knowing that it is the same data, as it's encrypted and sent by a different app.

So in the Network monitor it's recorded twice, once under Safari going to its final destination, then again under openvpn going to the VPN server. Receiving packets is the same too. As for openvpn saying that it's connected, that's because it's true; it has to keep connected to the server, otherwise it would take too long every time some data is sent to determine a route, then authorise, etc.

Safari --> Little Snitch | (check rules, and record)
                         | openvpn (encrypt and re-route) --> Little Snitch | (check rules, and record)
                                                                            | VPN Server (decrypt) --> Original Server

