Accessing non-HTTPS over VPN is it safe?

Question

So I am using ZeroTier VPN to access local devices, routers(to which I installed ZT on the router, explained here), local servers and devices remotely. However, accessing my router for example I only access it without HTTP, e.g. http://192.168.1.1 which is basically the same way I do when I am physically near the router itself.

On my laptop, there's the ZeroTier Virtual network adapter which is the one handling my access to the IP mentioned so even I am away from the physical location, I can access the router as if I am there, hence, VPN.

My question is, accessing non-HTTPS over VPN is it safe to access non-HTTPS devices? Usually passwords / sessions are part of HTTP payload either through HTTP query parameters or headers.

score 2 · Accepted Answer · answered Oct 04 '20 at 13:37

Any VPN can only protect from eavesdropping between the two endpoints of the VPN, i.e. your computer and the VPN server. The VPN traffic itself is encrypted, (in theory; with ZeroTier you have to trust them) so it doesn't matter if the payload is plaintext. If you make a plaintext HTTP request then it will not be encrypted in any way between the VPN server and the destination web server.

Accessing non-HTTPS over VPN is it safe?

1 Answers1