Hybrid VPN - probably stupid questions

[TheFx1]

Hi everyone,

 

I am running an XR500 with the latest available firmware (not the beta) and I setup hybrid VPN - so far everything works.

I looked through the forum and the documentation on netduma but couldn't really find an answer to my question. 

Is there a default behaviour for the hybrid VPN and if yes what is it? Now, let me expand on this.

- I found out that when a host is defined as a console it is automatically placed as a VPN client without the possibility to do any override (unless you change it to computer and if you do there might be some other implications with other services - GeoFilter for instance).

 

So: is there somewhere a list of "Device type" as per Device Manager that are automatically behind the VPN (e.g. using VPN by default for any service) ? I suppose that there is otherwise why would there be a Do not VPN these services option when defining the VPN traffic.

Same for the types that are by default not behind the VPN? (which would explain the presence of Only VPN these services). 

Are there any types that are defaulted to a specific behaviour without override? I found that console are automatically VPN and there is no override possible.

 

Thanks in advance,

TheFx1. 

 

 

 

 

[Netduma Fraser]

Basically if you apply the VPN and do not add anything on the right hand side then it won't apply to anything. It's completely up to you then which devices/applications/services to go through the VPN or not. A console device type is the only one that will not allow you to specify applications/services since we can't distinguish them on a console.

[TheFx1]

Thanks Fraser,

 

Just to make sure I get that right...

So if I add a host onto the right hand side if I do a do not VPN it assume that everything that is not in the list is VPN'd.

And if I add a host with only VPN, everything that is outside of the defined list is not VPN'd... 

Correct? 

 

BR,

TheFx1

[Netduma Fraser]

Absolutely, you've got it! That way you could VPN Skype on your PC but have Twitch running without the VPN for example all on the same PC.

[TheFx1]

Just to come back on this...

 

When you say consoles are automatically placed behind the VPN, I assume that we are talking about devices identified as Xbox, PlayStation, Wii and NintendoSwitch in the device manager. And I assume that all the remainder (Laptop,Phone,...) have the full VPN behaviour, right ?

Now when you say that the services cannot be distinguished on a console, I am failing to understand why. Please correct me if I am wrong, but the "services" are still TCP/UDP based, so I am trying to understand why "console" have a different status. 

On the flip side, outside of Hybrid VPN which has a separate behaviour between Consoles and not consoles,  are there any other parts of DumaOS that process the traffic differently between a console and a non console host ?

 

Just trying to understand the rationale behind as well as the impact.

E.G. one of my new host has automatically be catalogued as an Xbox (It is a switch with a web management interface) and my FireStick has been catalogued as an XBox too... 

 

Thanks in advance,

FX

[Netduma Fraser]

Yes that is right, any device with a 'console' device type when added to the VPN will be VPN'd as a whole by default. All other devices with other device types can be changed. 

I know this is technically incorrect but the traffic is encrypted or something along those lines which makes it difficult to distinguish. Don't quote me on that because encrypted isn't the right terminology. 

If you add a device with a console device type to the Geo-Filter it will add with the console service without letting you pick a service. It's possible also that Traffic Prioritization may prioritize console device types.