Iptables + xvpn - midnetworks.com?

Running Express VPN on my Linux desktop. I happened to look at my Iptables and there was a rule chain allowing traffic to midnetworks.com.

What is this? Is it normal for EVPN to modify my iptables?

It’s normal to modify routing rules, yes, that’s how any VPN client routes all traffic in the VPN tunnel…

Never heard of midnetworks though, how did you come to that finding?

sudo iptables -L --line-numbers

Chain xvpn_ks_ip_exceptions (1 references)

pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere 10.0.0.0/8
0 0 ACCEPT all -- any any anywhere 172.16.0.0/12
21940 2355K ACCEPT all -- any any anywhere 192.168.0.0/16
0 0 ACCEPT all -- any any anywhere 169.254.0.0/16
994 50184 ACCEPT all -- any any anywhere base-address.mcast.net/24

1216K 390M ACCEPT all -- any any anywhere midnetworks.com

EVPN response (which doesn’t provide much comfort)

Thank you for contacting ExpressVPN Support.

I understand your concern regarding the exception you saw from your IPTables.

This is normal and safe behavior. Our apps perform certain checks to stay in a refreshed state, and this activity is part of those checks. You can be assured that no information identifying you or your device is sent at any time.

You can read more about this on this page: Why do ExpressVPN apps occasionally contact domains I don’t recognize?

That many packets and that much data looks like it’s just the other end of the VPN tunnel. It’s not alarming that you wouldn’t recognise it because it’s their infrastructure, not something of yours.
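An added example, not part of any post in this thread: `iptables -L` without `-n` prints reverse-DNS names in place of addresses, which is how a hostname ends up in the destination column. The sketch below parses an `iptables -L -v` style listing and separates ACCEPT rules for local ranges from those pointing at a public address or an unresolved name; the function names and the sample listing (with documentation address 203.0.113.10) are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like the listing above; 203.0.113.10 is a
# documentation address standing in for whatever public endpoint appears.
SAMPLE = """\
Chain xvpn_ks_ip_exceptions (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- any any anywhere 10.0.0.0/8
21940 2355K ACCEPT all -- any any anywhere 192.168.0.0/16
994 50184 ACCEPT all -- any any anywhere base-address.mcast.net/24
1216K 390M ACCEPT all -- any any anywhere 203.0.113.10
"""

# Private, link-local and multicast ranges (the kinds of exception in the chain).
LOCAL = [ipaddress.IPv4Network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4")]
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def counter(text):
    """Expand an abbreviated (rounded) `iptables -v` counter such as 1216K."""
    if text[-1] in UNITS:
        return int(text[:-1]) * UNITS[text[-1]]
    return int(text)

def classify(dest):
    """Label a destination column as 'any', 'local', 'public' or 'name'."""
    if dest == "anywhere":
        return "any"
    try:
        net = ipaddress.IPv4Network(dest, strict=False)
    except ValueError:
        return "name"  # reverse-DNS name: rerun with -n to see the address
    if net.prefixlen == 0:
        return "any"
    return "local" if any(net.subnet_of(r) for r in LOCAL) else "public"

def audit(listing):
    """Return (destination, kind, packets, bytes) for every ACCEPT rule."""
    rows = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) >= 9 and f[2] == "ACCEPT":
            rows.append((f[8], classify(f[8]), counter(f[0]), counter(f[1])))
    return rows

def needs_review(listing):
    """ACCEPT rules whose destination is not a known local range."""
    return [row for row in audit(listing) if row[1] != "local"]
```

Rows returned with kind `name` are the ones to list again with `sudo iptables -L -v -n`, so the rule's actual address can be compared with the VPN endpoint the client is connected to.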