All network traffic forced through VPN?

Discussion in 'Networking' started by CaptainOrgasmo, Oct 26, 2012.

  1. CaptainOrgasmo

    Joined:
    Dec 16, 2010
    Messages:
    37
    Likes Received:
    0
    Hey all. I tried searching all over on how to do this, but I'm pretty networking-retarded so I'm having a ton of trouble figuring it out.

    Basically I'd like the option to have 100% of my personal network traffic go through a VPN and block everything else. I'm running OpenVPN at the moment and can at least connect to the VPN, but I have no idea what I'm doing otherwise. :( My other question: is this something that can be handled through my router and would that be a better/worse option than something software?

    Thank you so much in advance! This has been driving me nuts.
     
  3. RadiclDreamer

    RadiclDreamer Diamond Member

    Joined:
    Aug 8, 2004
    Messages:
    8,500
    Likes Received:
    2
    All you have to do is make sure split tunneling is turned off and all traffic must flow over the VPN.
     
  4. CaptainOrgasmo

    Joined:
    Dec 16, 2010
    Messages:
    37
    Likes Received:
    0
    Awesome thanks!

    Do I turn it off through OpenVPN or somewhere else?

    Sorry for the stupid questions. Like I said, I know next to nothing about networking. :(
     
  5. CaptainOrgasmo

    Joined:
    Dec 16, 2010
    Messages:
    37
    Likes Received:
    0
    Just gonna bump this once, then I'll let it die.

    Any help is greatly greatly appreciated.
     
  6. mv2devnull

    mv2devnull Senior member

    Joined:
    Apr 13, 2010
    Messages:
    987
    Likes Received:
    4
    This is a question about routing. When your machine has a network packet, it has to decide where to send it. The packet has a destination address. If the destination is the same host, well, the trip is short. If the destination is in a subnet to which this host is directly connected with an interface, the packet goes out via that interface.


    Yes, some routers do offer VPN. They most likely have about the same software as you would run on your computer; just a little bit different interface for configuring it. If the router does the work, then your computer does not even know that it is behind a VPN.

    VPN does involve encryption though. Your CPU may or may not be more efficient at it than your router.

    If the destination is neither of those, it has to be sent to a machine in the local subnet that we believe can send the packet forward towards its real destination. That machine is called "router" or "gateway".

    You cannot send "all" via VPN. The other end of VPN does have a (public) address. OpenVPN must send packets via the normal interface and normal routers to that endpoint. It probably needs to be able to resolve names too, so all name queries cannot go to the VPN-tunnel.

    Everything else can be told to go via the VPN interface device and use the "internal IP" of the other end of the tunnel as the router. It is usually the "server-end" of the OpenVPN connection that configures the routing for the "client-end".

    The other end has to do NAT. Packets coming from your host via the tunnel will have your "internal IP" as "source". Nobody but the other end knows that IP. The other end hides your IP, pretends that your packets come from it, and then retranslates the replies so that they come to you via the tunnel. That is NAT and the other end has to be configured to do it.
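
The routing decision described in this post, as an added example that is not part of the original thread: a longest-prefix lookup over a constructed routing table, plus a check that lists destinations leaving outside the tunnel. All addresses and interface names are assumptions; the two /1 routes mirror what OpenVPN's `redirect-gateway def1` option installs.

```python
import ipaddress

# Constructed sample values (assumptions, not from the thread):
VPN_SERVER = "203.0.113.10"   # public address of the VPN endpoint
LAN_GW = "192.168.1.1"        # home router on the physical interface
TUN_GW = "10.8.0.1"           # "internal IP" of the other end of the tunnel

def build_routes(vpn_up):
    """Routing table as (network, gateway, interface) tuples."""
    routes = [
        ("192.168.1.0/24", None, "eth0"),      # directly connected subnet
        ("0.0.0.0/0", LAN_GW, "eth0"),         # normal default route
    ]
    if vpn_up:
        routes += [
            (VPN_SERVER + "/32", LAN_GW, "eth0"),  # tunnel's own packets
            ("10.8.0.0/24", None, "tun0"),         # tunnel subnet
            ("0.0.0.0/1", TUN_GW, "tun0"),         # these two halves override
            ("128.0.0.0/1", TUN_GW, "tun0"),       # the default route
        ]
    return [(ipaddress.ip_network(n), gw, dev) for n, gw, dev in routes]

def lookup(routes, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)

def leaks(routes, probes, allowed=("192.168.1.0/24", VPN_SERVER + "/32")):
    """Return probe destinations that leave via eth0 without being exempt."""
    exempt = [ipaddress.ip_network(a) for a in allowed]
    out = []
    for dst in probes:
        addr = ipaddress.ip_address(dst)
        if lookup(routes, dst)[2] == "eth0" and not any(addr in e for e in exempt):
            out.append(dst)
    return out

PROBES = ["198.51.100.7", "8.8.8.8", VPN_SERVER, "192.168.1.20"]

if __name__ == "__main__":
    for up in (True, False):
        print("vpn_up=%s leaks=%s" % (up, leaks(build_routes(up), PROBES)))
```

With the tunnel down the same probes fall back to the normal default route, which is why routing alone does not block traffic when the VPN disconnects and a firewall rule is needed on top of it.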
     
  7. CaptainOrgasmo

    Joined:
    Dec 16, 2010
    Messages:
    37
    Likes Received:
    0
    Wow that's a ton to process, but thanks a bunch for all the info. :)
     
  8. CubanlB

    CubanlB Senior member

    Joined:
    Oct 24, 2003
    Messages:
    562
    Likes Received:
    0
    What have you been using as a resource for OpenVPN? That's a pretty standard config option for the server. There is some supporting configuration you should also do for DNS, etc...
     
  9. CaptainOrgasmo

    Joined:
    Dec 16, 2010
    Messages:
    37
    Likes Received:
    0
    I'm so clueless that I'm not even sure what this means. :(
     
  10. CaptainOrgasmo

    Joined:
    Dec 16, 2010
    Messages:
    37
    Likes Received:
    0
    So I had a friend help me with this last night and he had me take a different approach.

    I'm now running OpenVPN + Comodo Firewall to block all traffic unless the VPN is connected. It's working fine for browsing, but when I fire up an application that uses the internet, Comodo wants to add a new wired network zone at: 169.254.244.233

    Whatever application I open appears to have internet for the first 10-15 seconds, but once Comodo recognizes the new network zone, the whole connection goes down (for browsing even). Then I'm forced to disconnect the VPN and re-connect to get the secure connection back.

    Any ideas? I'm thoroughly confused.
     
  11. RadiclDreamer

    RadiclDreamer Diamond Member

    Joined:
    Aug 8, 2004
    Messages:
    8,500
    Likes Received:
    2
    Sorry, split tunneling can be a client option, but it can also be forced by the VPN admin. In the case of OpenVPN, I am not sure. Here is an article that I found that goes over it though.

    http://dltj.org/article/openvpn-split-routing/
     
  12. sabahm

    sabahm Junior Member

    Joined:
    Dec 7, 2012
    Messages:
    14
    Likes Received:
    0
    Split Tunneling, a solution for you. It will route the traffic as per your instructions and companies like PureVPN and Ivacy are offering this service inclusive of their standard VPN account.