Information Security
tls vpn javascript ip
Updated Thu, 08 Sep 2022 23:17:05 GMT

Is it possible to get the "real" IP from a host machine which is using an SSL-VPN connection?


We'd like to obtain the public IP of a user that connects via SSL VPN, the one that the user would have if he didn't connect that way.

But this looks impossible to do. If we use web services like the ones shown here: https://stackoverflow.com/questions/391979/how-to-get-clients-ip-address-using-javascript, then when the user is not connected via SSL VPN, it gives the correct IP, but once the user connects, if a web service like that is called, it gives the public IP of the connected machine.

Maybe I'm missing something, and that's the reason I'm asking if there's such a way, but I'm afraid there's no way to control from JavaScript that calling that service could be done outside of the SSL VPN connection once it's connected there.




Solution

In general that's a hard task, and unless there is an exploit on the VPN solution that allows someone to get the IP, I'm afraid that is not possible. Let me explain why:

Take as an example the following network diagram:

UserA <------- VPN -------> VPN Service <----------------> ServiceB

In general, when you make a VPN connection on the user side, all traffic is tunneled through a device (VPN device) on UserA. Of course, you can configure the VPN client to not tunnel all traffic (for example YouTube traffic, Google, etc.), but in general, that's how it works.

So the traffic between UserA and the VPN Service is encrypted. At this point, the UserA IP is known by the VPN Service. Then the VPN Service establishes a session with ServiceB using the IP addresses of the VPN Service, so ServiceB only has visibility of the VPN Service IP.

Even if you have JavaScript on ServiceB and that JavaScript is executed on UserA, the traffic generated by that JavaScript will be routed through the VPN.

So the only case that I see is that there is a misconfiguration at some point in the VPN client or on the VPN Service that may be exploited by some code.
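
The routing decision described in the answer above, as an added example that is not part of the original post: a simplified Python model of the client's routing table showing which address a remote service observes under a full tunnel and when the VPN client is configured to leave one destination outside the tunnel. All addresses (RFC 5737 documentation ranges), the interface names `tun0`/`eth0` and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addresses (RFC 5737 documentation ranges), not from the page.
USER_PUBLIC_IP = "198.51.100.23"  # what UserA's ISP presents without the VPN
VPN_EGRESS_IP = "203.0.113.10"    # what the VPN Service presents to ServiceB
VPN_GATEWAY = "203.0.113.1"       # tunnel endpoint that UserA connects to
SERVICE_B = "192.0.2.80"          # the site serving the JavaScript
IP_ECHO = "192.0.2.53"            # a "what is my IP" web service

def build_routes(split_tunnel_excludes=()):
    """Return the client's routing table as (network, interface) pairs."""
    routes = [
        # Full tunnel: the default route points into the VPN device.
        (ipaddress.ip_network("0.0.0.0/0"), "tun0"),
        # The encrypted tunnel itself has to leave via the physical link.
        (ipaddress.ip_network(f"{VPN_GATEWAY}/32"), "eth0"),
    ]
    # Destinations the VPN client is configured not to tunnel.
    for cidr in split_tunnel_excludes:
        routes.append((ipaddress.ip_network(cidr), "eth0"))
    return routes

def egress_interface(routes, dest):
    """Longest-prefix match, applied by the OS to every packet.

    The sending process (browser, script, anything else) is not an input:
    page JavaScript cannot choose the interface.
    """
    addr = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def ip_seen_by_service(routes, dest):
    """Source address the remote service observes for this destination."""
    if egress_interface(routes, dest) == "tun0":
        return VPN_EGRESS_IP   # VPN Service opens the session on UserA's behalf
    return USER_PUBLIC_IP      # traffic bypassed the tunnel

if __name__ == "__main__":
    full = build_routes()
    split = build_routes([f"{IP_ECHO}/32"])
    for name, table in (("full tunnel", full), ("split tunnel", split)):
        for dest in (SERVICE_B, IP_ECHO):
            print(f"{name:12} {dest:12} sees {ip_seen_by_service(table, dest)}")
```
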






