Traffic Only Over The VPN?

[DasFox]

Can you make Viscosity so that your traffic is only routed over the VPN, so as an example you are surfing the web and you only want to be on the VPN, so that if the VPN dies, then your connectivity dies, so that your IP is not exposed to the web.

I do see the Routing, send all traffic over the vpn setting, but I don't understand, unless this is what we set up to accomplish this, if so, can someone please explain?


THANKS

[James]

Hi DasFox,

Ticking the "Send all traffic over VPN connection" will ensure all of your network traffic goes over the VPN connection while you are connected.

As for killing your network connection if the VPN connection drops (to ensure you don't leak any network traffic), there are a number of approaches:

1. Using Viscosity's Disconnected Script Feature

Viscosity will run the Disconnected script whenever the VPN connection enters the disconnected state (a drop out or manual disconnect occurs). You can write a script that disables your network connection and specify it as a Disconnected script. For information on how to do this see: http://www.thesparklabs.com/support/run ... when_conn/

As an example, if you use wireless to connect to the network, you're AppleScript code may look something like:

Code: Select all

do shell script "networksetup -setairportpower en1 off"

2. Using OpenVPN Down Scripts

You could also use OpenVPN's scripting support to disable the network in a similar fashion to that above. If you go down this road I'd recommend using the latest beta 1.3 version of Viscosity, as version 1.2.3 and earlier will overwrite your down script if you have DNS support turned on for your connection. See the --up and --down entries on OpenVPN's Manual Page for further information.

3. Using The Routing Table

You can override Mac OS X's default route so when the VPN connection disconnects it tears down the default route, leaving you with no network connectivity. To regain network access you'll need to disable and reenable your network connection. You can specify a default route like so:

1. Edit your connection in Viscosity
2. Click on the Networking tab
3. Click the small "+" button to add a new route. Enter "0.0.0.0" as the Route/IP, "0.0.0.0" as the mask, "vpn_gateway" as the Gateway, and leave the Metric field blank. Click Add.
4. Click Save and test what happens when a dropout occurs.

Cheers,
James

[DasFox]

Seems like 3 for the routing is the simplest, but when you say dropout, you also mean disconnect?

So this looks correct?

http://img11.imageshack.us/i/screenshot ... at411.png/

http://img824.imageshack.us/i/screensho ... at412.png/

So if I also disconnect the VPN connection should I not be able to surf too?


THANKS

[DasFox]

Looks like 3. Using The Routing Table is the simplest way to go about this, but as you said you then have to disable then network to get it started again, for me that's hitting the - minus sign to remove the net and then + to add it and then I renew the DHCP and I'm back. I don't see any other simpler way to restart the net...

Maybe in a future version you can implement some sort of feature that can be clicked on, to restart the network, or something to that effect to get it back...

So on the route mask and gateway I have it at 0.0.0.0 and the metric blank...

I disconnected from the VPN and BINGO I was DEAD! Perfect just what I wanted, now if there were just a simpler way to get the network back, hehe...


THANKS

[nickhell]

Hi, i hope this helps someone and thanks for the info James.
http://forum.hidemyass.com/index.php?/topic/6799-mac-os-x-vpn-bittorrent-and-binding/page__view__findpost__p__18438

[James]

Hi nickhell,

Thanks for the contribution - I'm sure others will find your detailed post very helpful!

Cheers,
James

[mperes]

Just resurrecting the topic, if you opt to overwrite the Routing table, you can later enable/disable the connection on the terminal or by script:

sudo ifconfig en1 down (disables)
sudo ifconfig en1 up (enables)

you should change en1 for en0 or whatever interface you are using to connect to the internet. Cheers

[Schmye Bubbula]

After I do the:

Code: Select all

sudo ifconfig en1 up

...my AirPort is still turned off and I have to turn it back on manually in the AirPort item in the menu bar.

What is the terminal command to additionally turn AirPort back on?
(Mac OS X 10.5.8)

- -
Edit: I found it Googling around:

Code: Select all

sudo networksetup -setairportpower on

It will work without the sudo, but then it gives an error that I have no idea whether it matters:

cp: /Library/Preferences/SystemConfiguration/preferences.plist.old: Permission denied

In Snow Leopard (dunno about higher), you have to use sudo, as well as add the complete filepath to the command and the network device name, e.g.:

Code: Select all

sudo /usr/sbin/networksetup -setairportpower en1 on

[Schmye Bubbula]

When using method #3 above to add a new route in one's Viscosity connection Networking tab, exactly when does the new route get put in place? While the connection is being attempted, or after the connection is successful?

[James]

Hi Schmye,

OpenVPN creates routes during its route addition phase (after a connection has been established with the server and the Tun/Tap adapter has been brought up, but before it reports the connection as established and it appears connected in Viscosity).

Cheers,
James