VPN Question - Multiple Devices on a Network

Jimbo542

Junior Member
Jun 23, 2018
Hi all,

I have a newbie question regarding the use of a VPN service with multiple devices connected to the same network.

My home network is arranged such that a router/gateway connects via Ethernet cable to my desktop PC. In addition, the router/gateway broadcasts wifi which I connect to with laptops, phones, tablets, and other devices.

Here is my question: If I connect to a VPN service on a single device (such as a laptop or tablet via the wifi connection) but other devices connected to the same network are not actively using the VPN service, is there any reason to be concerned that the security (IP address) of the single device using the VPN is somehow compromised by the other devices? In other words - do all devices currently connected to a home network need to use the VPN in order for security to be ensured? Or can a single device connect to a VPN by itself and still be secure (while other active devices on the same network are not)?
 

mv2devnull

Golden Member
Apr 13, 2010
Your router does NAT, does it not? (Most do.)

When an application on a device, say a browser on a laptop, communicates with an application on another device, for example the HTTP server on forums.anandtech.com, there is a connection between them. One sends data packets with its own IP address as "sender" and the target's IP as "destination". The other takes the sender and uses it as the destination on its replies.

When those packets go through NAT, that device in the middle modifies the addresses in the packets. forums.anandtech.com does not know about your laptop. It believes that it communicates with something, for the "sender" is the public IP address of your router. In fact all traffic from your home devices appears to originate from the router, as far as the internet is concerned.


Now you use a different connection to a different server with a different application. It is seen to originate from the same IP address (of your router). The content of the packets is apparently gibberish; encrypted. About the same time as packets flow between your laptop and the remote server, another device near the remote starts sending regular traffic, like HTTP, to various destinations. To create, use, and close connections. Who is this mystery device? It has the public address that the VPN service has assigned for your laptop when you started the VPN connection. Either the laptop has that address directly, or there is NAT at the VPN server's end. Essentially the type of VPN that you consider is just custom routing.

Devices on your home network, the router included, can at most see that your laptop has an encrypted connection to VPN service's server address.


What is this "security" that you assume to achieve or fear to lose?
 

Jimbo542

Junior Member
Jun 23, 2018
What is this "security" that you assume to achieve or fear to lose?

Thank you for the detailed response. I'm very illiterate when it comes to network terms and mechanics so apologies if I do not seem to understand your post entirely. My main concern security wise is that the IP address of a device connected to a VPN is somehow influenced or compromised by other devices (not connected to said VPN) using the same router. I want to ensure that the IP address of a single device connected to a VPN on the shared home network/router is always unique and isolated. This concern is honestly just unfounded speculation on my part, but I wanted to hear from those who have a better understanding about networks regarding the topic.

As for the router having NAT, I'm really not sure. Is there an easy way to check/confirm? Would it make an important difference if it does have NAT?
 

mxnerd

Diamond Member
Jul 6, 2007
If it's a home router (most cases), you have NAT. All of your local devices behind the home router have private IP addresses like 192.168.x.x, 10.x.x.x, 172.x.x.x.

You only get one public IP address for your router from the ISP for home users. If you want to have more than one public IP address, you have to buy them from the ISP.
 

robvas

Member
Jun 18, 2018
The other devices can't use the VPN tunnel... and their public IP will be your home IP address, while the device using the VPN will use the public IP of whatever the VPN endpoint is that it's connecting to.
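
The packet path described in this thread, as an added example that is not part of any poster's reply: a small Python model of a home router doing NAT with one device on a VPN and one not. All IP addresses and function names are constructed for illustration, and the model assumes the "NAT at the VPN server's end" case mentioned above.

```python
from dataclasses import dataclass, replace

# All addresses are constructed (documentation/private ranges), not from the thread.
ROUTER_PUBLIC = "203.0.113.10"   # home router's single public IP (assumed)
VPN_SERVER = "198.51.100.5"      # VPN service's server address (assumed)
VPN_EXIT = "198.51.100.77"       # public IP the VPN side uses for the laptop (assumed)
WEB_SERVER = "192.0.2.80"        # some destination website (assumed)

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: object          # str for plain data, Packet when tunnelled
    encrypted: bool = False

def nat(packet, public_ip):
    """Source NAT: rewrite the sender address, leave everything else alone."""
    return replace(packet, src=public_ip)

def vpn_wrap(inner, client_ip):
    """VPN client: encrypt the whole inner packet and address it to the VPN server."""
    return Packet(src=client_ip, dst=VPN_SERVER, payload=inner, encrypted=True)

def vpn_unwrap(outer):
    """VPN server: decrypt, then NAT the inner packet to the VPN exit address."""
    return nat(outer.payload, VPN_EXIT)

def router_view(packet):
    """What the home router (or another device on the LAN path) can read."""
    data = "<encrypted>" if packet.encrypted else packet.payload
    return (packet.src, packet.dst, data)

def send(device_ip, use_vpn):
    """Return (what the router sees, sender IP the web server sees)."""
    pkt = Packet(src=device_ip, dst=WEB_SERVER, payload="GET /")
    if use_vpn:
        pkt = vpn_wrap(pkt, device_ip)
    seen_by_router = router_view(pkt)
    pkt = nat(pkt, ROUTER_PUBLIC)        # packet leaves the house
    if use_vpn:
        pkt = vpn_unwrap(pkt)            # inner packet leaves the VPN server
    return seen_by_router, pkt.src

if __name__ == "__main__":
    for name, ip, vpn in [("laptop (VPN)", "192.168.1.20", True),
                          ("desktop (no VPN)", "192.168.1.10", False)]:
        router_sees, server_sees = send(ip, vpn)
        print(f"{name}: router sees {router_sees}; web server sees {server_sees}")
```

The two devices share one router but reach the web server from different sender addresses, and the router only sees the VPN device talking to the VPN server with unreadable contents.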