HideMyAss VPN

Friday, May 17, 2013

How to Use a Proxy Server as a VPN Router Alternative

By running a proxy server on a Linux device, you can let multiple devices use your VPN connection without the need of getting a VPN router.
This works on any Linux-based device, e.g. Raspberry Pi, Linux-on-Android (e.g. via Linux Deploy) or even on a virtual machine.
If you want even more security, want to prevent fallbacks to your real IP, and want to ensure that your whole system is using the VPN, check this:

Tutorials:Using local PPTP server as VPN router alternative


Advantages:
  • you can even let devices use the VPN that only support proxies
  • you can let an unlimited number of devices use the VPN
  • you can use the VPN from anywhere, even on places where VPN is blocked
  • you don't need a VPN router

Example scenarios of use:
  • Your router does not support VPN: But using a local proxy server on your Linux device, you can just let all your devices connect to the proxy in order to have them protected by HMA Pro VPN.
  • You have devices that do not support VPN, but do support proxies. Now they can be protected by the VPN as well!
  • You don't want to use internet connection sharing or purchase a VPN router to protect all your devices by the VPN.
  • HMA's servers are blocked on a public or on your mobile connection. Using the local proxyserver you can now use the VPN from anywhere, since you are still able to connect to your home IP.



This tutorial is using tinyproxy as proxy server.
Basic Linux knowledge is required though!




Step 1: Install necessary packages


apt-get install wget curl sed tinyproxy openvpn iptables nano


Step 2: Modify /etc/tinyproxy.conf


nano /etc/tinyproxy.conf

Scroll down to this part:

# Allow: Customization of authorization controls. If there are any
# access control keywords then the default action is to DENY. Otherwise,
# the default action is ALLOW.
#
# The order of the controls are important. All incoming connections are
# tested against the controls based on order.
#
Allow 127.0.0.1

Here you can add IPs or subnets that are allowed to use the proxy.
So if you want to let only client IP 192.168.0.35 use the proxy, add:
Allow 192.168.0.35

If you want to let the whole subnet 192.168.0.x use the proxy, add:
Allow 192.168.0.0/24

Now, scroll down to this part:
# ConnectPort: This is a list of ports allowed by tinyproxy when the
# CONNECT method is used.  To disable the CONNECT method altogether, set
# the value to 0.  If no ConnectPort line is found, all ports are
# allowed (which is not very secure.)
#
# The following two ports are used by SSL.
#
ConnectPort 443
ConnectPort 563

Comment out the "ConnectPort 443" line, so it looks like this:
# ConnectPort 443
Of course you can also remove it.
This is required, otherwise the proxy can't be used while the VPN is connected via OpenVPN-TCP on port 443.

Save the file, exit nano.

Now, enable forwarding if you wish to have access to your entire home network while away.
Edit the ‘sysctl’ file.
nano /etc/sysctl.conf
Find “net.ipv4.ip_forward=1” and uncomment it (or change =0 to =1) to enable forwarding.
Now, execute the following command to apply changes:
sysctl -p
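
The access rules edited in Step 2 can be checked before the proxy is opened up to more clients. The Python sketch below is an added example, not part of the original tutorial or of tinyproxy: it evaluates a constructed sample config using the semantics stated in the config file's own comments (ordered controls, default DENY once any control exists, all ports allowed when no ConnectPort line is present). The function names are illustrative.

```python
import ipaddress

# Constructed sample: the directives touched in Step 2, as they would look in
# /etc/tinyproxy.conf after following the tutorial (not taken from a real host).
SAMPLE_CONF = """\
Port 8888
Allow 127.0.0.1
Allow 192.168.0.0/24
# ConnectPort 443
ConnectPort 563
"""

# Loopback and RFC 1918 ranges: sources that cannot arrive from the Internet side
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_conf(text):
    """Collect Port, the ordered Allow/Deny controls and the ConnectPort list."""
    conf = {"port": 8888, "controls": [], "connect_ports": []}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "port":
            conf["port"] = int(value)
        elif key == "connectport":
            conf["connect_ports"].append(int(value))
        elif key in ("allow", "deny"):
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                net = None  # host/domain controls: counted, but not evaluated here
            conf["controls"].append((key, net))
    return conf


def client_allowed(conf, client_ip):
    """First matching control decides; once any control exists the default is DENY."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in conf["controls"]:
        if net is not None and ip.version == net.version and ip in net:
            return action == "allow"
    return not conf["controls"]  # no controls at all: default ALLOW


def connect_allowed(conf, port):
    """Without any ConnectPort line every port is allowed; otherwise only listed ones."""
    ports = conf["connect_ports"]
    return not ports or port in ports


def is_local(net):
    return net.version == 4 and any(net.subnet_of(l) for l in LOCAL_NETS)


def audit(text):
    """Return findings for settings that widen who can use the proxy and for what."""
    conf = parse_conf(text)
    findings = []
    if not conf["controls"]:
        findings.append(f"no Allow/Deny lines: any client reaching port "
                        f"{conf['port']} may use the proxy")
    for action, net in conf["controls"]:
        if action == "allow" and net is not None and not is_local(net):
            findings.append(f"Allow {net} admits addresses outside the local network")
    if not conf["connect_ports"]:
        findings.append("no ConnectPort line: CONNECT is allowed to every port")
    return findings


if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for ip in ("192.168.0.35", "192.168.1.35"):
        print(ip, "allowed" if client_allowed(conf, ip) else "denied")
    for port in (443, 563):
        print("CONNECT", port, "allowed" if connect_allowed(conf, port) else "refused")
    print(audit(SAMPLE_CONF) or "no findings")
```
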

Step 3: Testing the proxy


Start tinyproxy by running "tinyproxy".

Now get onto your client to test the proxy.
Set it to use the IP of the device where tinyproxy is running, at standard port 8888.
This is easily done in Windows by opening Internet Explorer's menu:
Tools - Internet Options - Connections - LAN settings
Check: Use a proxy server for your LAN
Address: IP of the device where tinyproxy is running
Port: If not configured otherwise in tinyproxy.conf, it's 8888
Click OK.

Browse to e.g. ipaddress.com
If you get an error page, tinyproxy.conf wasn't properly configured to allow you access.
If you can browse, tinyproxy is working.


Step 4: Connecting to VPN


Now download the HideMyAss OpenVPN connection script:
wget http://hmastuff.com/hma-vpn.sh

Make it executable:
chmod +x hma-vpn.sh

Connect to the VPN (e.g. "./hma-vpn.sh -p tcp Texas")
When the VPN is connected, go to ipaddress.com on your client computer and check location again.
It should now show you the location of the VPN server. That's all!
Now you can set any device to use the proxy server, and it will automatically use the VPN connection.


Notes


  • If you get any permission denied errors, or can't modify file contents in the editor, make sure you have root access.
    Do so either by first running "su" and then proceed, or prefix each command with "sudo".
  • To use the proxy server from outside of your local network, you'll need to create a port forwarding rule on your router
    for the port the proxy server is running on (in this example, TCP port 8888) to the IP of the Linux device.
    Here's a list of tutorials for various routers on how to create port forwarding rules.
    Since you may not always know your external IP, consider using a Dynamic DNS service on it.
  • When running the proxy server on a virtual machine, you will have to use a bridged network setup in your virtualization software,
    so that the device fetches its own IP from your network's DHCP server.
  • To prevent non-proxified traffic, you could forbid all traffic that is not coming from / going to the proxy server's IP, e.g. with Windows or Comodo Firewall.
    For links on how IP binding rules are created, see the article IP Binding
  • Having trouble with this tutorial? Have suggestions, improvements, questions? Feel free to email in at wiki@hmastuff.com

Internet Explorer Proxy configuration

How to make bittorrent only use VPN IP (Static IP without router)

This tutorial uses Comodo Firewall, but we will add any info we find about other firewalls at the bottom. I highly suggest using Comodo Firewall, and it is free. It gives program-specific control over any and all applications.

***This tutorial will work with OpenVPN (installed) client and PPTP connections for each server once setup!

Download Comodo Firewall here.. http://personalfirewall.comodo.com/

You can choose only to install the firewall during setup if you choose to keep your antivirus.

[Image: java7.png]

Warning! This only works for static IP addresses that are permanent, not dynamic ones or those using public WiFi! It also does not work if you are using a router; in that case you need to use the "universal" tutorial. This only works when going directly through the modem. Link: http://forum.hidemyass.com/showthread.php?tid=1462

Step 1:

Open Comodo Firewall and click Firewall, Advanced, then Network Security Policy. It already opens to Application Rules and where you will control your bittorrent client. If you haven't already run your client since installing Comodo do so now to be asked to allow and it will be inserted here. Otherwise click Add (top right) then Select (top right, new window) and choose running processes or browse to find (ie. program files/utorrent/utorrent.exe).

Step 2:

You will need your real IP to do the following, so go here with the VPN disconnected if you do not know your own IP.. http://whatismyipaddress.com/

Right click bittorrent in application rule list and choose Add and 1st rule will be IN rule leaving source as ANY.. add real IP

[Image: utorrent4.png]

Step 3:

Right click bittorrent in application rule list and choose Add and 2nd rule will be OUT rule leaving destination as ANY.. add real IP

Step 4:

Note: If you already ran the bittorrent client and chose allow, then you can just use the allow rule already there and skip this rule, but make sure it's the 3rd rule underneath the two block rules of your IP.

Right click bittorrent in application rule list and choose Add and 3rd rule will be ALLOW rule for all other IP's (ie. VPN IP).. leaving source and destination as ANY will do this..

[Image: utorrent8.png]

Make sure you keep the two block rules above the allow rule or it will allow your real IP to connect, should look like this..

[Image: utorrent9.png]

You can move the rules by highlighting and then move up or down on the right side of the panel.

Now click OK (bottom right)

Done!



Warning! Do not do this to HMA Pro VPN client, openvpn, DNS (ie. OpenDNSupdater)
and also System and svchost's or you will have problems!!!!! Best to control the last two
mentioned using port security. You can read more about that
here.. http://forum.hidemyass.com/showthread.php?tid=1416




To test, run the VPN and then start a torrent file. Allow it to transfer to assure it's
active and choose Trackers to watch trackers for this.

[Image: utorrent6.png]

Now right click HMA tray icon and choose Disconnect and you will see transfer
slow to a stop and the tracker will show this..

[Image: utorrent1.png]

Note: This is related to the trackers updating so will not show refused until it
updates and changes to the above but your real IP will be blocked immediately!
You can speed this up to check by stopping and restarting torrent file or right click
torrent and choose Update Tracker.

Note: Doing the reverse, starting the torrent without a VPN connection and then
connect to VPN you will see the trackers update to Working.

Check firewall and you will see this..

[Image: utorrent2.png]

Note: This is after VPN is disconnected and this is mainly the DHT (I keep on) trying to find others which uTorrent will continue to do.

This is my active connection in Comodo with 2 popular torrents trying to run disconnected from VPN. My real IP is only connected to the OpenDNS Updater which is correct just as your DNS will update with real IP. I suggest adjusting to use OpenDNS instead of your ISP. To setup go here.. https://store.opendns.com/get/basic

[Image: utorrent10.png]

If it isn't doing this then reread tutorial and start over.

Update: Now follow this link to learn how to quickly apply the same rules to any application in seconds.. http://forum.hidemyass.com/showthread.php?tid=1457

How to make bittorrent only use VPN IP - Universal IP

This tutorial will explain how to make any and all applications only use the VPN IP at all times and will block any leaks of your real IP using Comodo Firewall. This tutorial is universal for those who have static IP, dynamic IP and/or public WiFi IP usage. This tutorial is more cumbersome than the tutorial for static IPs because specific VPN servers are involved in its setup. If you have a static IP (permanent IP) and are NOT using a router then follow the instructions here.. http://forum.hidemyass.com/showthread.php?tid=1298 I use uTorrent as an example but you can use any application.

***This tutorial was setup to work originally with OpenVPN (installed client) but the PPTP uses a different range, updated Step 2

[Image: utorrent1b.png]

Download Comodo Firewall here.. http://personalfirewall.comodo.com/

This only works on PC, not Mac!

You can choose only to install the firewall during setup if you choose to keep your antivirus.



Step 1:

Open Comodo Firewall and click Firewall, Advanced, then Network Security Policy. It already opens to Application Rules and where you will control your bittorrent client. If you haven't already run your client since installing Comodo Firewall do so now to be asked to allow and it will be inserted here. Otherwise click Add (top right) then Select (top right, new window) and choose running processes or browse to find (ie. program files/utorrent/utorrent.exe).


Step 2:

You will need the IP range of the server that you use to complete the following. It's very simple. While logged in to the VPN and connected to the server of choice (favorite) go here and find the VPN IP address.. http://whatismyipaddress.com/

Now take that VPN IP and write it down. Your range will be the 1st 3 sets of numbers left the same, but the last set will be .1 through .255. Example.. NJ US server will give you this 216.155.158.### so the range would be 216.155.158.1 - 216.155.158.255. Simple.

Update! For PPTP you will need to do the same as above and get the range for the PPTP connection. Example: NJ OpenVPN (installed client) will use 216.155.158.1 - 216.155.158.255 but the PPTP range is 216.155.145.1 - 216.155.145.255. So basically you need to write 2 extra PPTP rules for each server you use equaling a total of 4 rules per server and obviously the one block rule.

Find the application you want to control in the Application Rules list and delete its green allow rule.

Right click the application and choose Add and make the 1st rule "NY IN" (example) leaving source as Any..

[Image: allow2.jpg]


Step 3:

Right click the application and choose Add and make the 2nd rule "NY OUT" (example) leaving the destination as Any..

[Image: allow3.jpg]


Step 4:

Right click the application and choose Add and make the 3rd rule "Block the rest" leaving both source and destination as Any..

[Image: allow5.jpg]


Step 5:

Make sure that the block rule in red is below the allow rules or it will block every IP including the VPN server. You can move it by highlighting and then clicking move up or down on the right side of the panel. It should look like this..

[Image: utorrentblockrules.jpg]

Obviously these are the 3 main servers I use and you can add as many servers as you like. Just log in to the server, get the IP, create the range (ie. .1 -.255) and keep adding, but most important is that you keep the block rule last.

Click OK (bottom right)

Done!

[Image: java7.png]

Warning! Do not do this to the HMA VPN Pro client application, openvpn, DNS (ie. OpenDNSupdater) and also System and svchost's or you will have problems!!!!! Best to control the last two mentioned using port security. You can read more about that here.. http://forum.hidemyass.com/showthread.php?tid=1416
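
Both Comodo tutorials above depend on rule order. The following Python model is an added example, not part of the original tutorials and not Comodo code: it assumes the rule list is evaluated top-down with the first matching rule deciding (the behaviour the ordering advice relies on) and that an application's traffic carries the VPN-range address while the VPN is up, as the tutorials treat it. The real IPs and the peer are constructed documentation addresses; the VPN ranges are the ones quoted in Step 2.

```python
import ipaddress

ANY = None  # "Any" in the rule dialog


def ip_range(first, last=None):
    """Inclusive address range; a single address when `last` is omitted."""
    first = ipaddress.ip_address(first)
    return (first, ipaddress.ip_address(last) if last else first)


def rule(action, direction, src=ANY, dst=ANY):
    return {"action": action, "direction": direction, "src": src, "dst": dst}


def _covers(field, addr):
    return field is ANY or field[0] <= ipaddress.ip_address(addr) <= field[1]


def decide(rules, direction, src, dst):
    """Walk the list top-down and return the action of the first matching rule."""
    for r in rules:
        if (r["direction"] in (direction, "both")
                and _covers(r["src"], src) and _covers(r["dst"], dst)):
            return r["action"]
    return "no match"


def static_ip_rules(real_ip):
    """Static-IP tutorial: block the real IP in and out, then allow everything else."""
    return [rule("block", "in", dst=ip_range(real_ip)),
            rule("block", "out", src=ip_range(real_ip)),
            rule("allow", "both")]


def universal_rules(vpn_ranges):
    """Universal tutorial: allow each VPN range in and out, then block the rest."""
    rules = []
    for first, last in vpn_ranges:
        rules.append(rule("allow", "in", dst=ip_range(first, last)))
        rules.append(rule("allow", "out", src=ip_range(first, last)))
    return rules + [rule("block", "both")]


# Ranges quoted in the tutorial (NJ server: OpenVPN, then PPTP)
VPN_RANGES = [("216.155.158.1", "216.155.158.255"),
              ("216.155.145.1", "216.155.145.255")]
# Constructed addresses: the real IP, the real IP after it changed, a remote peer
REAL_IP, NEW_REAL_IP, PEER = "198.51.100.23", "198.51.100.99", "192.0.2.50"
VPN_IP = "216.155.158.77"  # constructed address inside the OpenVPN range


def outbound(rules, local_ip):
    """Decision for a connection the application opens from `local_ip` to PEER."""
    return decide(rules, "out", local_ip, PEER)


if __name__ == "__main__":
    static = static_ip_rules(REAL_IP)
    universal = universal_rules(VPN_RANGES)
    for name, rules in (("static", static), ("universal", universal)):
        for label, ip in (("VPN IP", VPN_IP), ("real IP", REAL_IP),
                          ("changed real IP", NEW_REAL_IP)):
            print(f"{name:9} {label:16} -> {outbound(rules, ip)}")
```

The static rule set is a deny-list: once the real IP changes, the two block rules no longer match and the final allow rule lets the traffic out, which is why that tutorial is limited to permanent IPs. The universal rule set is an allow-list and keeps blocking whatever the real address becomes.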

How to use Windows Firewall for blocking non-VPN traffic - IP binding

How to Always / Only Use VPN Connection and block ISP - Make applications only use VPN Connection.

This tutorial will explain how to use Windows Firewall to block non-VPN traffic for selected applications, e.g. your torrent client, a browser, download manager, etc.

VPNs are great for added security when using the Internet - but what about when the VPN drops or disconnects? Unfortunately, if you use Windows (any version), any running application (for example, BitTorrent, your browser) will revert to using your ISP connection, exposing your IP address and opening you up to security and privacy issues. This is of particular concern when using a VPN to secure a public wi-fi spot. Windows will not prevent traffic in the event of a disconnect.

There are many guides found online to prevent this using third-party firewalls such as Comodo, or using third-party applications such as VPNetMon or VPNCheck (neither of which I know anything about, and cannot speak to their reliability or safety).

This guide will show you how to configure Windows 7 Firewall to block any specified application (I have used Firefox as an example - but you can pick any application, e.g. utorrent or your preferred torrent client) from using your ISP connection, and permit it to connect to the Internet using only the VPN connection. Users who are unfamiliar with the basic aspects of Windows 7 Firewall may wish to consult this guide. Unfortunately, this will not work with the built-in firewall in Windows XP or Vista.

If the method described below does not work for you (or perhaps you don't want to mess with your firewall, or you use Windows XP / 2000 / Vista / Mac OS X), consider using a VPN that offers a client with IP Binding, which will prevent any selected application(s) from accessing the Internet in the event of an unexpected disconnection.

HideMyAss! offers PPTP, L2TP and OpenVPN, and a client that can bind all network traffic to the VPN connection.


Preliminary Considerations:

1. If you use an antivirus program such as avast! that has a Web Shield / Filter that passes HTTP traffic through an antivirus/malware scan, you may want to consider this post.
2. The IPv6 functionality in Windows 7 can also leak IP information - you may wish to disable it - see the guide here.
3. After you complete the steps in this guide, you may want to consider adding a rule to block all traffic that does not match a rule to the Domain profile. See the guide here.
4. If you want to create these rules for one user account, and maintain less strict rules for another user account, please see this post.
5. If you are blocking a torrent application such as uTorrent, you'll want to disable uTP, DHT, UPnP, Local Peer Discovery and IPv6.




Steps:


1. Connect to your VPN as you normally would.


2. Open the Network and Sharing Center - right-click on the Internet connection icon in the taskbar and choose "Open Network and Sharing Center" (see below)






3. You should see (at least) two networks listed under "View Your Active Networks" - your VPN connection and one called "Network" - a.k.a. your ISP Connection. Ensure that your VPN is a "Public Network", and your ISP connection is "Home Network". If you need to change either connection, click it and an option window will appear (see below).







4. Go to the Control Panel and click System and Security (see below).






5. In the resulting window, click Windows Firewall (see below).






6. In the Windows Firewall  window, click Advanced Settings on the left pane (see below).
Note: You must be logged in as an Administrator to make changes to the Firewall Settings.







7. You should see a window titled Windows Firewall with Advanced Security. In this window, click Inbound Rules (see below).






8.  On the right pane, you will see an option for a New Rule. Click it (see below).






9. In the New Inbound Rule Wizard (which should appear), do the following:

  • Choose Program and click Next.
  • Choose the program you wish to block all traffic to except on the VPN connection, and click Next.
  • Choose Block the Connection.
  • Tick Domain and Private. Make sure Public is left unticked.

10. Repeat Step 9 for Outbound Rules.

When all of the above steps are complete, you should test the configuration. Run the application you made the rule for, and test that it is working when the VPN is connected. Start a download, and then disconnect from the VPN. If all is configured properly, the download should die immediately as the firewall will immediately block it from using your ISP-assigned IP address. If you wish to monitor traffic closely, use TCPView.
Repeat steps 9 and 10 for other applications you want IP binding to be enabled with, e.g. your browser, download manager, a game, etc.

How to setup Comodo Firewall - IP Binding through MAC address

These rules will work with or without a router. This is a good way to make sure any application(s) you choose will only run through your VPN connection.

This will configure Comodo Firewall to allow specific applications to access the internet only when HMA VPN is active.

With Comodo Firewall (100% free version), you can set a network zone based on an adapter's MAC, make a pre-defined rule for that zone, and apply that rule to certain applications.

A. Create a network zone, Get the MAC for the TAP-Win adapter
1. (XP) Start / Run and type CMD, press enter.
(Win7) Start and type CMD, press enter.
2. You should see a black box called a DOS box with a blinking cursor.
3. Type IPCONFIG /ALL
4. Look in the mess of junk for the section that says TAP-Win32.
5. You need the part that says Physical Address . . . . . . 00-??-??-??-??-??
6. Leave this window open for now.
 
Alternative way to find out the TAP adapter's MAC address:

Go to -> Control Panel\Network and Internet\Network Connections
1) Right Click the Tap-win adapter
2) Click Status
3) Click Details
The MAC address is the physical address, which you can't select on its own, so you can either just write it down or
4) Ctrl+C to copy and paste entire window into Notepad


B. Create network zone, Add in Comodo
1. In Comodo, go to Firewall / Advanced / Network Security Policy / My Network Zones
2. Add / New Network Zone
3. Name it HMA MAC (press apply)
4. Select HMA MAC
5. Add / New Address
6. Choose "A MAC Address" and enter the Physical Address from earlier.
7. You should see your new Zone with the New rule.
8. Press OK.

C. Make a Pre-Defined Rule
1. Open Firewall / Advanced / Predefined Firewall Policies
2. Click ADD
3. Enter a Name, HMA Only
4. Add...
Action: Allow
Protocol: IP
Direction: In
Source Address: Any
Destination Address: Zone / HMA MAC
Apply

5. Add...
Action: Allow
Protocol: IP
Direction: Out
Source Address: Zone / HMA MAC
Destination Address: Any
Apply

6. Add...
Action: Block
Protocol: IP
Direction: In/Out
Source Address: Any
Destination Address: Any
Apply
Apply
Apply

7. You should now have 2 green rules and then a Red one.


D: Apply rule to Applications
1. Open Firewall / Advanced / Network Security Policy / Application Rules
2. Choose the application that should only work with HMA active, or add a new one.
3. It will open to "Application Network Access Control"
4. Here choose the Predefined Policy "HMA Only"
5. If there are other rules already, they will be removed. To keep any existing settings, you'll have to improvise here.
6. Apply
7. OK.

Do this to all apps that should only access through the HMA VPN Connection

E. Testing...
1. In the above example, I made a rule for Google Chrome.
2. Disconnect from HMA
3. Open Chrome - it is unable to load the home page.
4. Enable HMA
5. Refresh Chrome - it works.

I added a few more applications.
Open Firewall / Advanced / Network Security Policy / Application Rules *Make sure your applications refer to "HMA Only" and you're covered.


Here's the download link for Comodo Firewall Free Edition:
http://www.comodo.com/home/download/down...d=firewall /
http://downloads.comodo.com/cis/download...taller.exe
(32/64bit installer)

How to Secure Firefox (with a lot of links to tools and add-ons)

I'd like for people to come together and compare the different addons that we have for Firefox which make internet surfing a better and safer experience.

  1. Start Firefox in Privacy mode (http://bit.ly/9c9bzl)
  2. Make the Homepage a IP-Checker (http://www.ip-adress.com/) or try an addon that warns you of an IP change (http://bit.ly/cjaELd)
  3. The problem with Privacy mode is that all the links/bookmarks will not save, thus you can use a synching tool - http://bit.ly/cMipZn OR http://bit.ly/dqkRo0
  4. Use NoScript - http://bit.ly/ccbv0n

This addon makes you select whether scripts should be allowed on the pages you visit - also a good way to look at which sites have what scripts.
  • Use AdBlock Plus - http://bit.ly/xRJb8 A great program that blocks ads, thus also blocking a good amount of Malware (by not letting you click on the links)
  • Better Privacy - http://bit.ly/aYdQmH Deletes LSO's, not sure that privacy mode allows these to save permanently.
  • Force-TLS http://bit.ly/dcWqH4 Basically makes the browser (if there's a choice) to make a HTTPS connection to a site.
Great tool for passwords, if you remember the password, then it's not secure enough. Invest 12$ for a year that will give you access to some great second layer verification. Then you can also access all your passwords from phones, etc. It also allows you to save forms - thus you can save your credit card details, etc. You are taking a chance of storing such data in one place, so the 12$ investment is a good idea.
  • Ghostery - http://bit.ly/9Y5jaW Blocks information flow to AD agencies about your habits (use with NoScript)

Use of Facebook(remember to config your privacy settings) :
There has been some disturbing news about Facebook using your surfing habits for targeted ads (while you're logged on).
Because of this, there are a few addons towards Facebook:

The addons for facebook are old, use the Adblock addons in conjunction with the ExException to clear up your experience in FB.
  1. AntiSocial - DEAD
  2. No FB Tracking - OLD
  3. remove all facebook ads - OLD

For some people this doesn't work (old addon) , but it works for me.

Final Step:
Always use Firefox (or any Internet Browser) within a Sandbox (http://bit.ly/Ro4z)
It takes a bit of time to get used to the Sandboxie usage (especially once you have to remember that updates have to be done outside the sandbox) but it can save you from a very good amount of viruses/trojans and other nasty things.

Also, there's a tool called VPNcheck - http://bit.ly/d8VK0x
The program will kill any program of your choice (Firefox/uTorrent etc) if you get a drop in the VPN connection. Though it might become obsolete once the IP Bind program within the VPN goes Alpha.

Similarly you can check out the great article of constricting your Internet Connection with a COMODO firewall through the VPN IP ranges - http://bit.ly/b3EC07

These are some of the addons that I use with my FireFox. I'd love to learn about other people's internet browser configuration. Also, I'd love to hear how people use other browsers (Chrome/Opera) as Firefox is a bit Clunky, but I haven't seen a good enough of a security with the other browsers.


UA is an interesting thing, you can go through forums and see the members-only links by masking yourself as a googlebot (use the Switcher for that) otherwise use UAControl and set the default to block.
  • RefControl - http://bit.ly/hmL3AW Similar to UAControl, set it to block and add the exceptions for sites that don't work - wordpress, etc.



  • ExExceptions - http://bit.ly/oXQzlN Last defense against ads/popups. This will block them, similar to editing your hosts file.




In the end, you ought to use a couple checking sites:
http://ip-check.info/?lang=en and IP-score.com are good ones.

Stay safe.

OH and remember to use CCleaner with secure deletion from time to time.

How to let websites and IPs bypass the VPN using static routing

There are several reasons for letting certain IPs or websites bypass the VPN connection, so they are used with your real IP and connection instead.
For example:
  • if a certain website is blocking access to foreign IPs, so you can only access it with your real IP
  • if websites and services forbid the use of VPN, so your account won't get restricted or suspended
  • if you cannot access a local machine in your network while the VPN is connected (e.g. server, other computer or network device of any kind).

Windows

If you don't want to do it the manual way via route.exe in command line, or using the HMA unRouting utility below, you might want to check out this GUI for route.exe

Manual setup via route.exe

On Windows, to create static routing rules to let IPs bypass the VPN, you need to use the integrated Windows tool "route.exe".
You can find it in the folder C:\Windows\System32 - but it's executable from any place.
To use it, open a command prompt. Run "cmd.exe" or navigate to "All Programs/Accessories/Command Prompt" in the start menu.
Run "route" to get the instructions for how to use this tool. How to use it for our purpose (IPs bypassing the VPN) is quickly explained:
  • First you need to find your gateway IP address. This is usually the IP of your router/DSL-Modem, so the device your computer gets the internet from.
    If you're not sure which IP that is, please run "route print". In the mid-section of the output, you should see something like this:

  • You'll see that certain IPs are using a gateway address that belongs to your local network. In this case, 192.168.88.2 is our gateway IP address, the IP of the router.
  • Keep that gateway IP address in mind. Now we need to get the IP of the website you want to bypass the VPN. For testing, we can use http://ipaddress.com
  • As you might know, this website shows your current IP and location. When disconnected from the VPN, go there and you'll see your real IP and location.
  • To get the IP of that website, you can simply ping it by running "ping ipaddress.com". It returns the IP address, which is: 80.237.246.185
    Alternatively use websites like http://www.hcidata.info/host2ip.htm for this purpose
  • Now we create a routing rule for this website, by running "route add 80.237.246.185 192.168.88.2" (syntax: route add destinationIP gatewayIP)
  • When that is done, connect to the VPN and visit http://ipaddress.com again. You'll notice that it still shows your real IP and location, instead of the VPN IP and location.
    That means the routing rule is working and the website is bypassing the VPN.

Note: These rules are only temporary, which means they disappear upon the next reboot.
To make them permanent, use the switch "-p", so e.g. "route -p add 80.237.246.185 192.168.88.2"
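
Why the single "route add" line is enough: the routing table picks the most specific matching entry, and a host route is more specific than anything the VPN installs. The Python model below is an added example, not part of the original tutorial: the gateway and site address are the ones used above, while the VPN gateway and the VPN's two /1 routes are a constructed table (assumption) in the style an OpenVPN client commonly produces.

```python
import ipaddress

LAN_GW = "192.168.88.2"      # gateway from the tutorial's "route print" step
SITE_IP = "80.237.246.185"   # address the tutorial routes around the VPN
VPN_GW = "10.8.0.1"          # constructed VPN gateway address (assumption)


def route(dest, gateway, metric=1):
    return {"net": ipaddress.ip_network(dest), "gw": gateway, "metric": metric}


def vpn_connected_table():
    """Constructed table: the ISP default route stays in place and the VPN adds
    two /1 routes that together cover every address and are more specific."""
    return [route("0.0.0.0/0", LAN_GW, metric=20),
            route("0.0.0.0/1", VPN_GW),
            route("128.0.0.0/1", VPN_GW),
            route("192.168.88.0/24", "on-link")]


def add_host_route(table, dest_ip, gateway):
    """Model of `route add destinationIP gatewayIP`: a /32 route for one address."""
    return table + [route(f"{dest_ip}/32", gateway)]


def next_hop(table, dest_ip):
    """Longest matching prefix wins; ties go to the lowest metric."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [r for r in table if ip in r["net"]]
    best = max(matches, key=lambda r: (r["net"].prefixlen, -r["metric"]))
    return best["gw"]


if __name__ == "__main__":
    before = vpn_connected_table()
    after = add_host_route(before, SITE_IP, LAN_GW)
    print("before rule:", SITE_IP, "->", next_hop(before, SITE_IP))
    print("after rule: ", SITE_IP, "->", next_hop(after, SITE_IP))
    # A neighbouring address of the same site is not covered by the /32 rule
    print("after rule:  80.237.246.186 ->", next_hop(after, "80.237.246.186"))
```

The rule covers exactly one address, so a site that answers from several IPs needs one rule per address; everything without a rule keeps going through the VPN.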

Quick way using HMA UNrouting Utility


This tool creates routing tables for you - this allows you to exclude certain IPs or websites from being accessed through the VPN. That means when your VPN connection is active, the traffic between your computer and the IP will be transferred through your "normal" internet connection, with your real IP, ISP and location.

This especially makes sense when accessing services that do not allow the use of VPN, e.g. financial related (Paypal, Onlinebanking) or advertising related (visitor exchange programs, affiliate systems).


 

Mac OSX

Manual setup using route and netstat


The setup is pretty similar to the manual setup with route.exe in Windows, just the commands differ a little.

To get the current routing table, so you can see all existing rules and get your gateway IP, run: "netstat -r". The output should look like the one on the right ->

You can see that the gateway in this example is 192.168.132.2

OK, now let's create the routing rule.

In this example we also want to let ipaddress.com bypass the VPN,
so we need to get the IP of that website by pinging it. Run "ping ipaddress.com".
It returns the IP of that website, which is 80.237.246.185
Run "sudo route -nv add 80.237.246.185 192.168.132.2".
The syntax is "sudo route -nv add destinationIP gatewayIP".
The output should look like in the image on the right ->
Now, connect to the VPN and visit http://ipaddress.com
You'll notice that it shows your real IP and location, instead of the VPN ones.
That means the routing rule is working and the IP/website is successfully bypassing the VPN.
 

Linux

How to create routing rules on Linux differs from distribution to distribution.
For an overview and a detailed explanation for each distribution, see this link:
http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html
The command "ip route show" shows your current routing rules.
 

Android

To set up static routing rules on Android, your device needs to be rooted.
Then you can use any terminal emulator (e.g. this one https://play.google.com/store/apps/details?id=jackpal.androidterm) to get into the command prompt.
To get root privileges in the command prompt: su
To show the current routing rules: ip route
To set routing rules, you can use the same instructions as for Linux. See the link above