Basic 101 Networking question

I always wondered this and should have asked way sooner about this, but here goes: when do apps connect to the internet? Is there traffic going in and out at all times?

Let’s take a specific example. If my Steam app is open and I switch from one VPN connection to another, does Steam see this?

Same question, but for the browsing experience. If I open 10 different tabs and they have all already loaded, and I turn off my VPN connection because, let’s say, a bank blocks all VPN connections, will all the other open tabs know?

It doesn’t really matter because I use 2 different browsers for 2 different sets of browsing, but I was just wondering what the opsec is here.

When you switch or disable your VPN, apps like Steam may notice the IP change, causing brief disconnections. Loaded pages usually continue, but new actions will use your real IP, which some sites may block. Using separate browsers or incognito modes can improve security.

1 Like

First things first: incognito mode is not 100% incognito anymore.

What do you mean by loaded pages continue?

There’s ongoing traffic even if they are loaded? So they would “see” that I changed IP?

Thanks

Loaded pages could be running some JavaScript that makes background connections.

1 Like

Great, thanks! So what are the best practices when I have to shut down my VPN because of a banking website, for example?

Also, how do people that put a VPN on their router manage this problem?

Bumping this one please :slight_smile:

Do you really want to know the best practice? Because, well, the best practice would be having a separate device for non-VPN activities, or using Qubes and having a VPN-connected qube and a non-VPN qube :slight_smile:

2 Likes

Ok, let me reformulate :rofl:

Without using compartmentalization, how do people manage sites blocking their VPN when they install the VPN on their router?

Off the top of my head, there are really no good ways to do it securely without compartmentalization, but there are more convenient methods than the ones I gave as an example.

Many VPN clients allow you to split tunnel and exclude apps from the VPN, so you could have Brave Browser going through a VPN and Firefox not going through a VPN (or, whatever), and then use each for different sites depending on need. Still compartmentalization though.

If you’re doing it on a router, it is harder to bypass. This is why I don’t really like using VPNs on routers (or DNS-based ad blocking) unless you have to; it’s usually better to have a VPN (or adblocker) on each device.

Depending on your router you could probably set static routes to bypass the VPN connection for each individual IP address you want to whitelist.

1 Like
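Added example, not part of any post in this thread: a small Python model of the static-route bypass suggested above, showing how longest-prefix matching lets a `/32` route for one whitelisted IP override a router-wide VPN, and why a site that resolves to several addresses ends up split between the VPN and the ISP link. The routing table, interface names (`wan0`, `tun0`, `lan0`) and all addresses are constructed placeholders; the two `/1` VPN routes are an assumption about how the VPN overrides the default route.

```python
import ipaddress

# Constructed routing table for a router that sends everything through a VPN.
# Interface names and addresses are placeholders (documentation ranges).
ROUTES = [
    ("0.0.0.0/0",       "wan0"),  # ISP default route
    ("0.0.0.0/1",       "tun0"),  # VPN covers the lower half of IPv4 ...
    ("128.0.0.0/1",     "tun0"),  # ... and the upper half, beating the /0
    ("192.168.1.0/24",  "lan0"),  # local network
    ("203.0.113.10/32", "wan0"),  # static bypass route for one bank IP
]

def egress(dest, routes=ROUTES):
    """Return the interface chosen by longest-prefix match for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1]

def audit(site_ips, routes=ROUTES):
    """Map each resolved IP of a site to its egress; flag mixed paths."""
    paths = {ip: egress(ip, routes) for ip in site_ips}
    return paths, len(set(paths.values())) > 1

if __name__ == "__main__":
    # Constructed: the bank resolves to two addresses, only one is whitelisted.
    bank_ips = ["203.0.113.10", "203.0.113.11"]
    paths, mixed = audit(bank_ips)
    for ip, iface in paths.items():
        print(f"{ip:15} -> {iface}")
    if mixed:
        print("warning: site is split across VPN and WAN; whitelist every IP")
    print("other traffic:", egress("198.51.100.7"))
```

The mixed-path warning is the practical caveat of per-IP whitelisting: any address of the site that is not covered by a static route still leaves through the VPN, and the list has to be maintained as the site's addresses change.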

Great! This makes total sense and works better for me :slight_smile:

I’m not there yet (Qubes) and I’ll probably never go that far, but we’ll see. I’ll go the split tunneling route, I didn’t think of that!

I just thought of something else.

If I switch from one VPN connection to another with “stealth option” while kill switch is on, would that also work?

Wouldn’t Portmaster SPN be an option for this? I’m currently running SPN with Proton set to Split Tunnel and only route certain SPN-excluded apps through it.

1 Like

Woah, this just blew my mind. What’s the catch? Why isn’t everybody talking about this lol?

Isn’t this much better than using a traditional VPN? Also, would every tab have a different IP address? Am I understanding that right?

Edit:

So I answered my question:

"Does the SPN route connections on a per app basis?

No, it routes every connection individually. So as an example, when you open several websites in different tabs in your browser, every connection will be calculated individually - giving you multiple identities for each app."

And the catch is this, although I’m considering it:

Does anyone have the answer to this? @jonah ?