Device connected over VPN not recognized by fingbox

mozarella Member, Beta Tester Posts: 128
edited August 20, 2019 in Fingbox #1
Hi,
I have noticed that devices which are connected to the LAN over VPN are not recognized by Fingbox. As my internet router I'm using a device called Fritz!Box from the German firm AVM Berlin. This router can offer VPN services for devices outside the LAN. When I start the VPN connection on my iPhone, the iPhone gets an IP from the local subnet and also answers ping requests sent from the LAN to the iPhone's local VPN IP.
My local subnet is 192.168.10.0/24, and the iPhone connected via 4G/LTE and VPN gets 192.168.10.201 as its IP.
I'm wondering why Fingbox won't recognize this device over IP, because the IP is up and reachable through ping.
regards,
mozarella

Edit: I just used Angry IP Scanner and scanned the local subnet; the device connected over VPN is listed.

Comments

  • Pooh
    Pooh Member, Beta Tester Posts: 674
    edited August 20, 2019 #2

    I'm going to hazard a guess and say that it's probably because Fingbox is doing an ARP scan to detect devices and that ARP scan isn't getting through the VPN box.


    TCP is a 4 (or 5, or 7 - the number depends on the referenced model) layered protocol. ARP runs on layer 2(ish) (the internet/data link layer) whereas many VPNs run on layer 3 (again, ish) (transport), ergo the ARP scan can't see the VPN connections.


    Now, this all said, I believe this is not a globally true statement and that there are VPN servers/appliances that do allow this higher level of visibility. That said, it's also possible that this is the exact reason you're not seeing the devices.


    @VioletChepil would it be possible to confirm this information?

    People say nothing is impossible, but I do nothing every day.
  • mozarella
    mozarella Member, Beta Tester Posts: 128
    So Fingbox works a different way than fing.app then? I'm thinking that fing.app running on iOS can't use an ARP scan and can't determine the MAC addresses of the clients due to iOS limitations.
    If Fingbox is not using an IP scan, then it can't really detect all IP devices.
    Or does it change something when I set "slow network-detection"?
  • VioletChepil
    VioletChepil London, UKMember Posts: 2,471
    Hey @mozarella Fingbox is monitoring by MAC address since it's getting those off the internal network. 

    Community Manager at Fing

  • mozarella
    mozarella Member, Beta Tester Posts: 128
    That means only directly connected devices will be seen by Fingbox. All remote devices (with a local LAN IP) won't show up. This is a security issue.
    Maybe it'll be possible to implement a way to ping all IPs from the local subnet once per period, maybe every 10 or 15 mins. Devices which are not directly connected to the LAN (and don't have a MAC present in that LAN) will be found by Fingbox in that period.
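
The gap discussed in this thread, as an added example that is not part of the original posts and not Fing's code: it reconciles an IP-level sweep with the ARP cache to list addresses that answer ping but have no MAC of their own on the LAN. The sample data, the function names and the proxy-ARP behaviour (the VPN router answering ARP for its client with its own MAC) are assumptions the thread does not confirm.

```python
import ipaddress

# Constructed sample in Linux /proc/net/arp format (not captured from a real network).
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.10.1     0x1         0x2         02:00:00:aa:00:01     *        eth0
192.168.10.20    0x1         0x2         02:00:00:aa:00:20     *        eth0
192.168.10.35    0x1         0x0         00:00:00:00:00:00     *        eth0
192.168.10.201   0x1         0x2         02:00:00:aa:00:01     *        eth0
"""
# Constructed: addresses that answered an IP-level sweep of 192.168.10.0/24.
PING_REPLIES = ["192.168.10.1", "192.168.10.20", "192.168.10.201", "192.168.10.202"]
GATEWAY = "192.168.10.1"

def parse_arp(text):
    """Return {ip: mac} for completed entries only (flag bit 0x2 set)."""
    table = {}
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) >= 4 and int(fields[2], 16) & 0x2:
            table[fields[0]] = fields[3].lower()
    return table

def classify(ping_replies, arp, gateway):
    """Label each responsive IP by whether it has its own layer-2 identity."""
    gw_mac = arp.get(gateway)
    labels = {}
    for ip in ping_replies:
        if ip == gateway:
            labels[ip] = "gateway"
        elif ip not in arp:
            labels[ip] = "no-arp-entry"      # e.g. cache entry expired; re-check
        elif arp[ip] == gw_mac:
            labels[ip] = "behind-gateway"    # gateway's MAC answers for this IP
        else:
            labels[ip] = "local"             # distinct MAC seen on the LAN
    return labels

def needs_ip_sweep(labels):
    """IPs a MAC-keyed inventory would not list as separate devices."""
    hits = [ip for ip, lab in labels.items() if lab in ("no-arp-entry", "behind-gateway")]
    return sorted(hits, key=ipaddress.ip_address)

if __name__ == "__main__":
    result = classify(PING_REPLIES, parse_arp(ARP_TABLE), GATEWAY)
    for ip, lab in result.items():
        print(f"{ip:16} {lab}")
    print("review:", needs_ip_sweep(result))
```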