Redirect all traffic via VPN: what it is and what it is for

Many of us value our privacy highly and use a VPN to protect it. A VPN is a great way to maintain our privacy online, provided we know how to use it well: we can redirect all network traffic through a private server and stay out of reach of prying eyes. We are going to learn how to keep our network connection inside the VPN, and how to redirect all traffic through it so that the data of every network communication we carry out stays safe.

Why might VPNs not encrypt all traffic?

In certain circumstances, a VPN service may not encrypt all traffic. Depending on how the VPN client is configured, some traffic may be tunnelled through the VPN while other traffic goes out through our Internet operator or via WiFi, bypassing the VPN server. With such settings, confidential data about us may leak even though we are using a VPN. If we connect via a VPN that is not correctly configured, we could inadvertently expose confidential data that we would not give out in other circumstances (on a public WiFi network).

Sometimes part of the traffic escapes the private tunnel that the VPN creates. Depending on our needs, this can be a serious security flaw or a feature of the VPN. We must remember the concept of «Split-VPN»: with a Split-VPN, or split tunnel, certain traffic goes from the client through the VPN server, while other traffic does not go through that server but directly through our operator, without data confidentiality or authentication. The real problems come when you have configured the VPN to redirect all network traffic through the server and you find that you have a split tunnel anyway, because that is not the configuration you made.

Closely related to tunnelling all traffic is another VPN feature, the «Kill-switch». This functionality blocks the traffic that leaves our computer if the VPN goes down: the routes of the PC, smartphone or other device we are using are not modified, we simply stop having an Internet connection, and no data is leaked.

How to make sure all traffic goes through the VPN

A quick way to ensure that all network traffic is going through the VPN server is to use any service to check the public IP address of our connection. If we are redirecting all traffic, that means we should see the public IP address of the VPN server we have connected to, and we will not see the public IP address of our actual connection.

Another way to check that all traffic goes through the VPN is by checking the routes of our PC, server or device. On Windows computers you must open the command prompt, and type the following:

route print

In the routing table for IPv4 or IPv6 networks, when we are connected to our home router, the default gateway should appear, together with the route to the entire local network and the subnets of the different network interfaces that we have. The first route forwards all traffic to the default gateway: network destination 0.0.0.0 (any), mask 0.0.0.0 (any), gateway 10.11.1.1, which is our router, and interface 10.11.1.2, which is our IP.

In the routing table for IPv4 or IPv6 networks, when we are connected to a VPN server with traffic redirection, the default gateway should appear, together with the route to the entire local network and the subnets of the different network interfaces that we have. Here too, the first route forwards all traffic to the default gateway: network destination 0.0.0.0 (any), mask 0.0.0.0 (any), gateway 10.11.1.1, which is our router, and interface 10.11.1.2, which is our IP.

In the second route we will see that any destination with mask 128.0.0.0 is forwarded through the IP 10.8.0.5, which is that of the VPN tunnel. We need both routes to reach the Internet correctly with any service.

In other operating systems you can also check the routing table and verify that the routes are correct. For example, on Linux systems you can run:

ip route show
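The check described above can be automated. The following is an added example, not part of the original article: it parses `ip route show` output, applies longest-prefix matching, and lists every IPv4 range that still leaves through a non-VPN interface. The interface names `eth0` and `tun0`, the address 203.0.113.10 and both sample tables are constructed assumptions.

```python
import ipaddress

# Constructed `ip route show` output after "redirect-gateway def1".
# 203.0.113.10 is a made-up VPN server address.
FULL_TUNNEL = """\
default via 10.11.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.5 dev tun0
128.0.0.0/1 via 10.8.0.5 dev tun0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
10.11.1.0/24 dev eth0 proto kernel scope link src 10.11.1.2
203.0.113.10 via 10.11.1.1 dev eth0
"""
# Constructed split-tunnel table: only 192.168.1.0/24 enters the tunnel.
SPLIT_TUNNEL = """\
default via 10.11.1.1 dev eth0
10.11.1.0/24 dev eth0 proto kernel scope link src 10.11.1.2
192.168.1.0/24 via 10.8.0.1 dev tun0
"""

def parse_routes(text):
    """Return [(IPv4Network, device)] from `ip route show` lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f:
            continue  # blank line or a route type without an interface
        dst = "0.0.0.0/0" if f[0] == "default" else f[0]
        routes.append((ipaddress.ip_network(dst), f[f.index("dev") + 1]))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match: the device the kernel picks for addr."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(hits)[1] if hits else None

def outside_vpn(routes, vpn_dev):
    """Address ranges that still leave through a non-VPN device."""
    leaks = []
    for net, dev in routes:
        if dev == vpn_dev:
            continue
        left = [net]
        for s, _ in routes:  # carve out every more specific route
            if s != net and s.subnet_of(net):
                left = [p for n in left for p in
                        ([] if n.subnet_of(s) else
                         n.address_exclude(s) if s.subnet_of(n) else [n])]
        leaks += [(str(n), dev) for n in ipaddress.collapse_addresses(left)]
    return leaks
```

With the full-tunnel table, only the local network and the host route to the VPN server remain outside the tunnel, which is expected; with the split-tunnel table, almost the whole address space does.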

How to redirect all traffic through VPN

Depending on the software and the VPN protocol you use, either all traffic is redirected or only the traffic to certain subnets. The first thing to keep in mind is that services like Surfshark VPN, NordVPN, PureVPN and others always redirect traffic, regardless of whether they use IPsec, OpenVPN or WireGuard.

VPN connection created with Windows 10

If you have Windows 10 and have created a VPN connection with the protocols supported by the operating system, so that it is shown in network connections, review the following to make sure that you are redirecting all traffic:

  1. Go to Control Panel / Network and Sharing Center.
  2. Locate the VPN connection, right-click it and choose “Properties”. In the “Networking” tab, select Internet Protocol Version 4 (TCP/IPv4) and click the Properties button again.
  3. In the window that opens, click the Advanced button and make sure that the option “Use default gateway on remote network” is checked. Click OK and restart the VPN connection.

VPN connection with OpenVPN on any operating system

If you use the OpenVPN protocol, make sure that the following directive is present on the VPN server, so that the VPN clients pick up the configuration and redirect all network traffic:

push "redirect-gateway def1"

In this way, the “push” tells the VPN client that it must send absolutely all traffic through the VPN server. If we have a VPN client that we want to use for “split-vpn”, it will automatically forward all network traffic when it receives this push, but we can avoid that and only have access to the local home network in the following way:

route-nopull
route 192.168.1.0 255.255.255.0 10.8.0.1

The 192.168.1.0/24 network will be the local network, and the IP 10.8.0.1 will be where the OpenVPN server is listening.

WireGuard VPN connection on any operating system

If you use the WireGuard VPN and want to redirect all traffic, you must put the following in the client configuration file:

AllowedIPs = 0.0.0.0/0

If you want to access only certain subnets and do split-vpn, then you should use:

AllowedIPs = 192.168.1.0/24
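To audit a WireGuard client file before bringing the tunnel up, the AllowedIPs entries can be merged and compared against the whole address space. This is an added example, not from the original article or the WireGuard project, and it goes slightly beyond the text by also reporting IPv6 (`::/0`), which `0.0.0.0/0` alone does not cover. The configuration, keys and endpoint below are constructed placeholders.

```python
import ipaddress

# Constructed wg-quick client config; keys and endpoint are placeholders.
FULL = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.8.0.6/24

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.net:51820
AllowedIPs = 0.0.0.0/0
"""
SPLIT = FULL.replace("0.0.0.0/0", "192.168.1.0/24")
# Two halves cover the same space as 0.0.0.0/0.
HALVES = FULL.replace("0.0.0.0/0", "0.0.0.0/1, 128.0.0.0/1")
DUAL = FULL.replace("0.0.0.0/0", "0.0.0.0/0, ::/0")

def allowed_ips(conf):
    """Collect the AllowedIPs networks of every [Peer] in the file."""
    nets = []
    for line in conf.splitlines():
        key, _, value = line.split("#")[0].partition("=")
        if key.strip().lower() == "allowedips":
            nets += [ipaddress.ip_network(v.strip(), strict=False)
                     for v in value.split(",") if v.strip()]
    return nets

def tunnel_scope(conf):
    """Per IP version: 'full', 'split', or 'none' (not tunnelled)."""
    scope = {}
    for version, everything in ((4, "0.0.0.0/0"), (6, "::/0")):
        nets = [n for n in allowed_ips(conf) if n.version == version]
        merged = list(ipaddress.collapse_addresses(nets))
        if not merged:
            scope[version] = "none"
        elif merged == [ipaddress.ip_network(everything)]:
            scope[version] = "full"
        else:
            scope[version] = "split"
    return scope
```

A result of "none" for IPv6 means IPv6 traffic is not sent into the tunnel, so on a host with IPv6 connectivity it leaves through the normal connection.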

VPN connection with any IPsec

If you use a program to connect to VPN servers with IPsec, the way to forward all traffic through the VPN is to put «0.0.0.0/0». This is universal and valid for both WireGuard and the rest of the VPN protocols that we can use.

As you have seen, it is really very easy to redirect all traffic through the VPN, but we must verify that this is actually the case, to avoid leaks that could put our security and privacy at risk.