Wednesday, 5 October 2011

Keep your IP address hidden if VPN disconnects

If you are using a VPN it does a good job of hiding your real IP address and country, but what happens when the VPN disconnects...?

Normally your network traffic will just keep on going and get routed through your ISP and in doing so reveal your ISP IP address and location...

This wouldn't be good if for example you are on holiday in France and using Betfair...

There are programs that monitor the VPN connection and, when it disconnects, shut down applications to try to prevent this (assuming they can do it fast enough).

But a safer (and easier) solution is to edit your PC's routing table so that it will not send data other than via the VPN.

And thanks to Pulsar on The Geeks Toy forum for helping me work this out!

First you need to remove the entry for 0.0.0.0 to your Gateway from your routing table as this is the default route for ALL network traffic.

Step 1: Open a command prompt (run as admin if using Vista) and type:

route print

This produces the following output, and in my case you can see that the 0.0.0.0 entry uses Gateway 192.168.1.1



So we need to delete this route from the routing table, but then what happens after the VPN drops and you need to reconnect?

Unless you can access the internet you can't log back into the VPN, so having removed the default route you need to add a new route table entry just for your VPN server so that traffic to it can still get to your gateway.

Step 2: Use ping to find out the IP address of your VPN server:



Step 3: Make sure your VPN connection is set up to use the IP address rather than host name (and if the IP address ever changes you'll need to do this again)



Step 4: Delete the default route

At the command prompt type:

route delete 0.0.0.0 192.168.1.1



Step 5: Then add a route for your VPN server IP address (e.g. 83.170.76.128) to your gateway (e.g. 192.168.1.1)

At the command prompt type:

route add 83.170.76.128 mask 255.255.255.255 192.168.1.1 metric 1



And that's it... All network traffic goes via the VPN and if the VPN disconnects nothing gets out until it is reconnected...

Summary

To force all traffic to use VPN:

route delete 0.0.0.0 192.168.1.1

route add 83.170.76.128 mask 255.255.255.255 192.168.1.1 metric 1


To unforce (i.e. allow traffic to use your ISP again) put the default routing back:

route add 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 1

You can optionally use the -p (permanent) option so that your VPN IP route stays in the table without having to re-add it every reboot. It will not cause any problem having it there when the default route is enabled.

route add -p 83.170.76.128 mask 255.255.255.255 192.168.1.1 metric 1

If you do this with .bat files remember to run them as administrator if you are using Vista.
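
To confirm the routing table is really in the state Steps 4 and 5 describe, the following Python check (an added example, not part of the original post) parses route print output and reports a default route via the LAN gateway or a missing host route to the VPN server. The gateway and VPN server addresses are the post's examples; the sample tables and the 10.8.0.x VPN-side addresses are constructed for illustration.

```python
import re
import subprocess
import sys

LAN_GATEWAY = "192.168.1.1"   # gateway shown in the post
VPN_SERVER = "83.170.76.128"  # example VPN server address from the post

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Active-route row: destination, netmask, gateway (or "On-link"), interface, metric.
# Persistent-route rows have only four columns, so they never match.
ROW = re.compile(rf"^\s*({IPV4})\s+({IPV4})\s+(\S+)\s+{IPV4}\s+\d+\s*$")

def parse_routes(text):
    """Return (destination, netmask, gateway) for every active IPv4 route."""
    return [m.groups() for m in map(ROW.match, text.splitlines()) if m]

def check_routes(text, lan_gw=LAN_GATEWAY, vpn_ip=VPN_SERVER):
    """Return a list of problems; an empty list means the setup is in effect."""
    routes = parse_routes(text)
    problems = []
    if ("0.0.0.0", "0.0.0.0", lan_gw) in routes:
        problems.append(f"default route via {lan_gw} present: traffic can bypass the VPN")
    if (vpn_ip, "255.255.255.255", lan_gw) not in routes:
        problems.append(f"no host route to {vpn_ip} via {lan_gw}: VPN cannot reconnect")
    return problems

HEADER = "Network Destination        Netmask          Gateway       Interface  Metric\n"
# Constructed sample: table before Step 4, default route still points at the router.
SAMPLE_OPEN = HEADER + """\
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.10     20
      192.168.1.0    255.255.255.0          On-link     192.168.1.10    276
"""
# Constructed sample: after Steps 4-5 with the VPN up (10.8.0.x addresses are made up).
SAMPLE_LOCKED = HEADER + """\
          0.0.0.0          0.0.0.0         10.8.0.1         10.8.0.6     20
    83.170.76.128  255.255.255.255      192.168.1.1     192.168.1.10      1
      192.168.1.0    255.255.255.0          On-link     192.168.1.10    276
"""

if __name__ == "__main__":
    if sys.platform == "win32":  # live table on Windows, constructed sample elsewhere
        text = subprocess.run(["route", "print"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE_OPEN
    found = check_routes(text)
    print("\n".join(found) if found else "OK: no default route via LAN gateway, VPN host route present")
    sys.exit(1 if found else 0)
```

The script exits with a non-zero status when either condition fails, so it can be run after a reboot or network change to confirm the table is still in the state you set.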

And in case you need more routes...



1 comment:

  1. Great! Just a note about metrics: it seems it's used to prioritize route entries of equal network destination (for the same network destination, the lower-metric route is preferred).
