Connecting to work through VPN client: is home network traffic from other machines visible to them?

I started working a new job which is a remote position. It requires connecting to the company VPN through a Cisco client on a dedicated work machine. That machine is connected (wirelessly at the moment, though I will probably wire it at some point) to my home network, which of course also has my other personal machines on it.

If there is, theoretically, any general Internet traffic on one of the other machines on the network, would that also route through the VPN? Or is only the traffic from the machine with the VPN client going through it? Not that I’d ever browse a non work-related site while working, but I’m just curious if it would show up. I’m not a networking guru and I’m not even really sure how I would determine that, and if it is how I would isolate the work machine’s traffic. I mean, in theory. I did some Google searches but I’m having trouble getting the information I’m looking for.

The VPN connectivity would only apply to the work machine where the VPN client was installed. The personal machines would continue to use their normal paths of connectivity. As an overly-simplified explanation, the VPN client works by modifying a computer’s rules on how data is routed from that computer to other computers. With the VPN client active, instead of routing data through whatever usual channels would be applicable, that computer would route data to your company’s network instead. Since your personal machines do not have the VPN client installed, their data routing rules would not get modified and they would continue to use their default routing configurations.

A way your company could snoop on your home network activity is if they used the VPN connection to install some spyware on your work machine. Then, they could use the spyware on your work computer to monitor your home network. This is a rather unlikely scenario.

Thanks, that’s what I suspected, and while I’m not too paranoid about them spying on me (and I do work hard), if I need to, say, surf the Dope a little during the day to break up the monotony, I don’t want to get anxious about the possibility of being reprimanded for it.

I know the VPN is an encrypted tunnel… what I wasn’t sure of was whether that tunnel terminated at just the machine running the client or only at my point of access to the Internet (i.e., my router). Thanks for clarifying.

Any crosstalk between the work network and home network is discouraged. Security folks try to prevent ever bridging networks, so that their fancy firewall isn’t breached by some bozo’s home network configuration.

As such, home and VPN are usually kept separate, like church and state.

It is possible to share local addresses over VPN; this is a “split” VPN configuration. I don’t know how hard it is to persuade corporate network security folks to allow this.

ETA: Oops. Didn’t see the part about surfing the Dope. Because of the separation I describe above, you are likely going through your corporate network gateway for all traffic, including the Dope. Test this by going to a site that shows your IP address. You might see a corporate one.

(Too late for edit)

Missed the part about surfing on a different non-work machine. That one is perfectly safe and will not be seen by your employer.

Gah, post/quote/edit fail.

Wait, now I’m confused as this seems contradictory to me. You’re saying that the home network is kept separate from the VPN, yet the computers on my home network (which are not running the VPN client) would be going through it too?
ETA:

Ah, OK. Yeah, I’m not dumb: work machine is only for work. I have plenty of other machines for fun. 🙂
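
As an added illustration (not code from any poster in this thread, and not the Cisco client's own logic), the routing behaviour described in the replies above can be modelled with a longest-prefix route lookup: each machine consults only its own table, so only the machine whose table the VPN client changed sends anything into the tunnel. The tables, the interface names `wlan0` and `vpn0`, and every address are constructed for the example.

```python
import ipaddress

# Constructed routing tables: (destination prefix, outgoing interface).
# Interface names and all addresses are assumptions for illustration.
HOME_ONLY = [("0.0.0.0/0", "wlan0"), ("192.168.1.0/24", "wlan0")]
VPN_GATEWAY_ROUTE = ("203.0.113.10/32", "wlan0")  # tunnel endpoint stays on the LAN path
# Full tunnel: two /1 routes override the default route without deleting it.
FULL_TUNNEL = HOME_ONLY + [VPN_GATEWAY_ROUTE, ("0.0.0.0/1", "vpn0"), ("128.0.0.0/1", "vpn0")]
# Split tunnel: only the corporate prefix is sent into the tunnel.
SPLIT_TUNNEL = HOME_ONLY + [VPN_GATEWAY_ROUTE, ("10.0.0.0/8", "vpn0")]

PUBLIC_SITE = "198.51.100.7"    # stands in for any Internet site
CORPORATE_HOST = "10.20.30.40"  # stands in for an internal server


def egress(table, destination):
    """Return the interface chosen by longest-prefix match."""
    addr = ipaddress.ip_address(destination)
    matches = [(ipaddress.ip_network(p), iface) for p, iface in table]
    matches = [(net, iface) for net, iface in matches if addr in net]
    if not matches:
        raise LookupError(f"no route to {destination}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def classify(table):
    """Label a machine's routing table as 'no vpn', 'split tunnel' or 'full tunnel'."""
    if egress(table, PUBLIC_SITE) == "vpn0":
        return "full tunnel"
    if egress(table, CORPORATE_HOST) == "vpn0":
        return "split tunnel"
    return "no vpn"


if __name__ == "__main__":
    machines = {
        "personal laptop (no client)": HOME_ONLY,
        "work machine, full tunnel": FULL_TUNNEL,
        "work machine, split tunnel": SPLIT_TUNNEL,
    }
    for name, table in machines.items():
        print(f"{name}: {classify(table)}; "
              f"public site via {egress(table, PUBLIC_SITE)}, "
              f"corporate host via {egress(table, CORPORATE_HOST)}")
```

On a real machine the same question is answered by reading the operating system's routing table (`route print` on Windows, `ip route` on Linux) with the client connected and disconnected.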