When using a VPN, regardless of whether you are using a hardware- or software-based solution, you should always check the logs that are generated by your router. Looking at these logs will help you identify potential problems that may arise from using the VPN, and what you can do to fix them. In this article, we will discuss some of the most useful things to look out for in your router logs when using a VPN.
Every time your VPN client connects to the VPN, the router will record the status of each of your connected interfaces in a log. This record is called the interface status log, or simply the interface log for short. One of the most useful fields in it is the interface state, which can be one of the following:
- UP – This means that the interface is up and running (i.e., it has an IP address that is associated with a hostname).
- DOWN – This means that the interface is down (i.e., it does not have an IP address that is associated with a hostname).
- IDLE – This means that the interface is neither up nor down (i.e., it does not have an IP address that is associated with a hostname).
- DEAD – This means that the interface has been deprecated (i.e., it works, but should not be used in new builds).
When you use the VPN, your computer will send a query to the VPN asking for an IP address. The VPN client on your computer will then use your internet connection to connect to the VPN server and get the IP address. In most cases, your computer will then use the IP address to access the internet. During this time, your computer will appear to be connected to the VPN, but will be logging all of the activity that it does on the network (i.e., all of the traffic). Because this is what is generally known as a true “split” or “shared” connection, the data that your computer sends while connected to the VPN will be recorded in your router logs.
Destination IP Addresses
When you use a VPN, you usually have a preset list of IP addresses (i.e., locations) that you want to connect to. Every time that your VPN client connects to the VPN, the router will check the list of destinations against the IP addresses of the connected interfaces. If there is a match, the router will save the associated IP address in a log. This list of addresses is called the destination IP address log, or simply the destination log for short.
Whenever your computer sends data to a host on the internet, the packets will travel through the VPN and will be recorded in your destination log.
Log Entry Timestamps
Each entry in your router logs will also have a timestamp associated with it. When you use the VPN, the timestamp will be the time that the log entry was generated by the router.
For instance, let’s say that you are running macOS and you connect to the VPN using the Terminal app. Whenever the Terminal app is used to connect to the VPN, a log entry will be generated and logged by the router. With this type of connection, the timestamp will always be the same because the VPN is always attached to the same interface (i.e., the one that you connect to using the Terminal app).
As another example, suppose that you are using the Tunnelblick app to connect to the VPN. Even though you are connecting to the VPN using a different interface (i.e., your iPhone), the logs will still be associated with the same timestamp because Tunnelblick is using iSCSI to connect to the VPN. In this case, the timestamp will be the same as the one that is listed in the router configuration screen for your iSCSI interface.
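The interface state, destination and timestamp entries described above can be correlated to spot traffic that was recorded while the VPN interface was not UP. The following is an added example, not code from the original article; the log line format, the interface name `tun0` and the sample lines are assumptions constructed for illustration, and entries are assumed to be in chronological order.

```python
from datetime import datetime

# Constructed sample lines in an assumed format: "<ISO timestamp> <KIND> <fields>".
# Real routers use their own layouts; adapt the parsing to yours.
SAMPLE_LOG = """\
2024-05-01T10:00:00 IFACE tun0 UP
2024-05-01T10:00:05 DEST 203.0.113.10
2024-05-01T10:02:00 IFACE tun0 DOWN
2024-05-01T10:02:03 DEST 198.51.100.7
garbage line the router truncated
2024-05-01T10:02:30 IFACE tun0 IDLE
2024-05-01T10:02:31 DEST 198.51.100.8
2024-05-01T10:03:00 IFACE tun0 UP
2024-05-01T10:03:02 DEST 203.0.113.10
"""

STATES = {"UP", "DOWN", "IDLE", "DEAD"}  # the states listed in the article

def parse(line):
    """Return (timestamp, kind, fields) or None for lines that do not parse."""
    parts = line.split()
    if len(parts) < 3:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[2:]

def traffic_outside_tunnel(log_text, vpn_iface="tun0"):
    """List destination entries logged while the VPN interface was not UP."""
    state = "DOWN"  # assume no tunnel until the log says otherwise
    findings = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue  # skip malformed or truncated lines
        ts, kind, fields = rec
        if (kind == "IFACE" and len(fields) == 2
                and fields[0] == vpn_iface and fields[1] in STATES):
            state = fields[1]
        elif kind == "DEST" and state != "UP":
            findings.append((ts.isoformat(), fields[0], state))
    return findings

if __name__ == "__main__":
    for ts, dest, state in traffic_outside_tunnel(SAMPLE_LOG):
        print(f"{ts} traffic to {dest} while VPN interface was {state}")
```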
Type Of Data Traffic
You can tell a lot about how your router is handling network traffic by looking at the entries in the log file. If you are new to this, you may want to focus on the “Type of data traffic” field, which is found under the protocols column in the router configuration screen. This field lists the type of data traffic (e.g., all, voice, video) that is being handled by the device.
For example, let’s say that your computer is sending email packages to a host on the internet. The email will travel through the VPN and will be recorded in your destination log. If you look at the entries in your log file, you can tell which host the email is being sent to, and even what type of email client is being used (e.g., Outlook, Gmail).
The router logs will also store information about all of the routes that are being used. A route is a set of instructions that are followed in order to reach a specific destination. Let’s say, for example, that you have a VPN server that is located in New York City, and you want to connect to it from your computer in Seattle. In order to do this, the router in Seattle will have to know how to reach the VPN server in New York City. Normally, this would mean that the router in New York City would have to have a static entry in the routing table (i.e., a way to find and remember the server’s IP address) that pointed to the VPN server in New York City. However, in order to reduce administrative overhead, routers can have the ability to dynamically learn routes. In this case, the router in Seattle will have to first query the VPN server in New York City to find out the IP address of the next hop (i.e., the final destination). Once the IP address of the next hop is known, the route can be added to the routing table.
When a route is saved in the routing table, it will be associated with a timestamp. This timestamp will be the time that the route was learned by the router.
When you use a VPN, you will be asked to provide some type of authentication information. This information can be entered manually on the router, or it can be configured automatically using a VPN client. The authentication method that is being used will then be listed under the authentication subsection of the router settings screen. In either case, the logs will have detailed information about how to connect to the VPN and what types of credentials were used (e.g., username, password).
Let’s say, for example, that you are using the Tunnelblick app to connect to the VPN. You will be asked to enter your username and password when you initially connect to the app. If you look at the logs, you can see that they contain a lot of information about the types of credentials that you are using (i.e., they are not just generic “VPN” information). In this case, the logs will contain the following information: