NeuroAgent

VPN Traffic Sequence on PC through VPS

Learn the traffic sequence when using VPN on PC through a router with VPS in another country. Comparison of VPN traffic encryption sequence and practical recommendations for bypassing restrictions.

Question

What is the traffic order when using a VPN on a PC through a router configured via a VPS in another country? If you configure a router to work through a VPS in another country to bypass VPN application restrictions on a PC, what will be the sequence of incoming and outgoing traffic? Will the VPN application on the PC be first in the chain, encrypting traffic before sending it through the router with VPS, or will the router with VPS be first?

NeuroAgent

When a VPN application is configured on a PC, traffic is encrypted on the PC itself before being sent through the router with VPS. In this case, the sequence will be: PC (VPN client) → router → VPS → internet. However, if you configure the VPN connection directly on the router, then the router with VPS will be first in the chain, encrypting all traffic from all connected devices, including your PC.


Main VPN Traffic Scenarios

When using a VPN, there are two main configuration scenarios that determine the traffic processing sequence:

  1. VPN client on PC - The VPN application is installed and runs directly on the user’s computer
  2. VPN on router - The VPN connection is configured at the router level, which handles traffic from all connected devices

Your question specifically concerns the second scenario, where the router is configured to work through a VPS in another country, allowing you to bypass VPN application restrictions on the PC itself.


The traffic sequence in these two scenarios differs fundamentally, and this is important to understand for proper configuration and ensuring security.

Traffic Sequence with VPN on PC

When the VPN application is running on the PC, traffic follows this sequence:

PC → Local network → Router → Internet
    ↑
VPN encryption

Detailed outgoing traffic sequence:

  1. Application on PC generates outgoing traffic
  2. VPN client on PC intercepts this traffic and encrypts it
  3. Encrypted packets are sent to the local network through the PC’s network adapter
  4. Router receives the already encrypted packets and simply forwards them to the internet
  5. VPS (VPN server) receives the traffic, decrypts it, and sends it to the final destination

For incoming traffic, the sequence is reversed:

Internet → VPS → Router → Local network → PC
                                          ↓
                                  Decryption on PC

Important: With this approach, traffic between the PC and router remains unencrypted unless additional network-level encryption is used.


Traffic Sequence with VPN on Router

In your case, when VPN is configured on the router with VPS, the traffic sequence will be completely different:

All devices → Router → VPS → Internet
                ↑
          VPN encryption

Detailed outgoing traffic sequence:

  1. Any device (including your PC) generates outgoing traffic
  2. Traffic is sent to the local network without prior encryption
  3. Router with VPN intercepts all traffic and encrypts it before sending
  4. Encrypted packets are sent to the VPS via the internet
  5. VPS decrypts the traffic and sends it to the final destination

For incoming traffic:

Internet → VPS → Router → Local network → Devices
                ↓
           Decryption on router

Key difference: In this scenario, the router with VPS is the first element in the chain that encrypts traffic. The VPN application on the PC is not used and does not affect traffic.


Comparison of Both Approaches

| Parameter | VPN on PC | VPN on Router with VPS |
|---|---|---|
| First encryption element | VPN application on PC | Router with VPS |
| Traffic encryption in local network | No (between PC and router) | No (between router and devices) |
| Bypassing restrictions on PC | Not required | Required for VPN to work |
| Performance | Depends on PC power | Depends on router power |
| Convenience | Setup on each device | Centralized setup |
| Security | Higher (traffic is encrypted earlier) | Lower (traffic in local network is unencrypted) |

Practical Recommendations

For your configuration, with a router configured through a VPS in another country, the following recommendations apply:

Setting up Router with VPS

  1. Choose the right type of VPN connection - Route-based VPN is preferred for flexible routing
  2. Configure NAT-Traversal (NAT-T) - This will allow the router behind NAT devices to establish VPN connections
  3. Use dynamic routing - BGP for automatic route updates
  4. Configure correct routes - So that all traffic goes through the VPN tunnel

Security with Router Configuration

Important: When using VPN on a router, all traffic in your local network between devices and router remains unencrypted. For additional security, consider:

  • Using HTTPS for local traffic
  • Setting up firewalls on the router
  • Regularly updating router firmware

Technical Details of Encryption

Encryption Process with VPN on Router

  1. Packet formation - Device creates a network packet
  2. Routing - Router determines that the packet needs to be sent via VPN
  3. Encryption - Router applies encryption algorithms (AES, ChaCha20, etc.)
  4. Encapsulation - Encrypted data is packaged into a VPN packet
  5. Sending - Packet is sent to VPS via the internet

Cisco Configuration Example for Route-Based VPN

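! IPsec transform set (a static VTI requires tunnel mode)
crypto ipsec transform-set AES-256-AES-SHA esp-aes 256 esp-sha-hmac
 mode tunnel

! IPsec profile referenced by the tunnel interface below
crypto ipsec profile VPN-PROFILE
 set transform-set AES-256-AES-SHA

! Configuring tunnel (IKE policy and peer authentication are configured separately, not shown)
interface Tunnel0
 ip address 192.168.1.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VPN-PROFILE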
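
To check the "configure correct routes" recommendation, the sketch below audits a routing table with longest-prefix match and reports destinations that would leave through the WAN interface instead of the tunnel. It is an added example, not part of the original answer: the interface names and 203.0.113.1 follow the Cisco snippet above, while the tables, the Vlan1 LAN interface and the probe addresses are constructed.

```python
import ipaddress

TUNNEL_IF = "Tunnel0"
WAN_IF = "GigabitEthernet0/0"
VPS_ENDPOINT = "203.0.113.1"

# Constructed routing tables: (prefix, egress interface).
GOOD_TABLE = [
    ("0.0.0.0/0", TUNNEL_IF),        # default route points into the tunnel
    ("203.0.113.1/32", WAN_IF),      # outer (encrypted) packets reach the VPS via WAN
    ("192.168.1.0/30", TUNNEL_IF),   # tunnel interface subnet
    ("10.0.0.0/24", "Vlan1"),        # LAN segment (assumed name and range)
]
# A more-specific route that silently bypasses the tunnel.
LEAKY_TABLE = GOOD_TABLE + [("198.51.100.0/24", WAN_IF)]

# Constructed probe destinations from the documentation address ranges.
PROBES = ["192.0.2.10", "198.51.100.53"]


def egress(table, dst):
    """Longest-prefix match: interface a packet to dst would leave on."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def audit(table, probes):
    """Return a list of findings; an empty list means no leak was detected."""
    findings = []
    # The tunnel endpoint itself must not be routed into the tunnel.
    if egress(table, VPS_ENDPOINT) != WAN_IF:
        findings.append("tunnel endpoint not routed via WAN (recursive routing)")
    for dst in probes:
        out = egress(table, dst)
        if out is None:
            findings.append(f"{dst} has no route")
        elif out == WAN_IF:
            findings.append(f"{dst} leaves via {WAN_IF}, bypassing the tunnel")
    return findings


if __name__ == "__main__":
    for name, table in (("good", GOOD_TABLE), ("leaky", LEAKY_TABLE)):
        print(name, audit(table, PROBES) or "no leaks")
```

The only traffic that should ever match the WAN interface is the host route to the VPS; any other prefix resolving there is sent unencrypted.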

Conclusion

  1. When setting up VPN on a router with VPS, the router will be first in the chain, encrypting traffic before sending it to the internet
  2. VPN application on PC is not used in this scenario and does not affect traffic
  3. The entire encryption sequence occurs at the router level, which allows bypassing any VPN application restrictions on the PC
  4. For maximum security, it is recommended to additionally encrypt traffic in the local network between devices
  5. Proper route configuration and NAT-Traversal are critically important for stable VPN operation through a router

This approach is ideal for bypassing VPN application restrictions on the PC, as all traffic is processed at the router level before it reaches your computer.
