How to detect if an IP address is using a VPN

Last Updated Dec 29, 2020
Emma Jagger

Engineer, maker, Google alumna, CMU grad

Virtual Private Networks (VPNs) are designed to solve many privacy problems for users.Due to elaborate encryption between a computer and the provider, it can be exceedingly difficult for a third party to be able to identify what someone using a VPN is up to. 

There are many good reasons for using VPNs due to being located in various countries which limit internet access and track the behavior of users. In fact, in these places, many people would wish to hide the fact that they are using a VPN at all, due to their use being restricted. 

However, there are legitimate non-restrictive reasons for wanting to detect if users are using a VPN on your network.The elusive nature of these tools poses a problem for those who wish to determine whether users are using a VPN to access your website. 

How to detect if an IP addresses is using a VPN

The truth of the matter is that by default, there is no easy way of detecting whether a user is using a VPN or not, unless the IP address that is being used has been identified as part of a VPN.

That said, there are several methods used by network engineers including sniffing large numbers of packets and noticing whether some or all of the traffic coming through is encrypted.While it is common for many internet tools to be using some form of encryption, if every bit of traffic coming through is encrypted, it is a fairly good sign that the user is using a VPN.

Most VPN networks use a fixed set of IP addresses.Over time, these addresses get identified by network engineers and these are eventually provided to lists which are stored in central databases. 

First you need to get IP address itself. Depending on the language or framework you're using, Abstract as a few recommended guides for that, such as "how to get an IP address in Ruby on Javascript", "how to get an IP address in PHP", "how to get an IP address in Ruby on Rails", and "how to get an IP address in jQuery".

Using an API to detect whether a VPN is being used

The good news is that you can make use of a large amount of work that has been done by others; there are common databases of known VPN IP addresses. While these will not catch every single example of a VPN (if they did, the point of using a VPN would become moot.Many people would simply not use them), you can still identify if a significant part of your traffic is using these tools. The methods for detecting a VPN are similar for the methods of detecting if an IP address is using a proxy.

The easiest way of identifying whether at least some of your traffic is using a VPN is to use an API like AbstractAPI’s geolocation tool.

By signing up for their free service, you can get an API key, and by using something as simple as a snippet of jQuery code on your site, you can get a wide range of information about the user.

Just enter a similar snippet of code to this into your site:


$.getJSON("https://ipgeolocation.abstractapi.com/v1/?api_key=YOUR_UNIQUE_API_KEY", function(data) { 
       console.log(data.ip_address);
       console.log(data.security);
   })

You can get a large amount of information. The API has many parameters you can use, but the data.security will provide information about whether the user is using a VPN.

Below is an example of some of the output you will receive(note, to get all of the below parameters you would need to request them individually, however the security entry will tell you whether the user is using a known VPN:


{
  "ip_address": "141.126.251.125",
  "city": "Chicopee",
  "city_geoname_id": 4933002,
  "region": "Massachusetts",
  "region_iso_code": "MA",
  "region_geoname_id": 6254926,
  "postal_code": "01020",
  "country": "United States",
  "country_code": "US",
  "country_geoname_id": 6252001,
  "country_is_eu": false,
  "continent": "North America",
  "continent_code": "NA",
  "continent_geoname_id": 6255149,
  "longitude": -72.5737,
  "latitude": 42.1754,
  "security": {
    "is_vpn": false
  },
  "timezone": {
    "name": "America/New_York",
    "abbreviation": "EST",
    "gmt_offset": -5,
    "current_time": "13:02:35",
    "is_dst": false
  },
  "flag": {
    "emoji": "🇺🇸",
    "unicode": "U+1F1FA U+1F1F8",
    "png": "https://static.abstractapi.com/country-flags/US_flag.png",
    "svg": "https://static.abstractapi.com/country-flags/US_flag.svg"
  },
  "currency": {
    "currency_name": "USD",
    "currency_code": "USD"
  },
  "connection": {
    "autonomous_system_number": 20115,
    "autonomous_system_organization": "Charter Communications",
    "connection_type": "Corporate",
    "isp_name": "Charter Communications",
    "organizaton_name": "Spectrum"
  }
}

Related articles