Showing posts with label How to let websites and IPs bypass the VPN using static routing. Show all posts
Showing posts with label How to let websites and IPs bypass the VPN using static routing. Show all posts

Friday, May 17, 2013

How to let websites and IPs bypass the VPN using static routing

There are several reasons for letting certain IPs or websites bypass the VPN connection, so they are used with your real IP and connection instead.
For example:
  • if a certain website is blocking access to foreign IPs, so you can only access it with your real IP
  • if websites and services forbid the use of VPN, so your account won't get restricted or suspended
  • if you cannot access a local machine in your network while the VPN is connected (e.g. server, other computer or network device of any kind.

Windows

If you don't want to do it the manual way via route.exe in command line, or using the HMA unRouting utility below, you might want to check out this GUI for route.exe

Manual setup via route.exe

On windows, to create static routing rules to let IPs bypass the VPN, you need to use the integrated tool "route.exe" of Windows.
You can find it in the folder C:\Windows\System32 - but it's executable from any place.
To use it, open a command prompt. Run "cmd.exe" or navigate to "All Programs/Accessories/Command Prompt" in the start menu.
Run "route" to get the instructions for how to use this tool. How to use it for our purpose (IPs bypassing the VPN) is quickly explained:
  • First you need to find your gateway IP address. This is usually the IP of your router/DSL-Modem, so the device your computer gets the internet from.
    If you're not sure which IP that is, please run "route print". In the mid-section of the output, you should see something like this:

  • You'll see that certain IPs are using a gateway address that belongs into your local network. In this case, 192.168.88.2 is our gateway IP address, the IP of the router
  • Keep that gateway IP address in mind. Now we need to get the IP of the website you want to bypass the VPN. For testing, we can use http://ipaddress.com
  • As you might know, this website shows your current IP and location. When disconnected from the VPN, go there and you'll see your real IP and location.
  • To get the IP of that website, you can simply ping it by running "ping ipadress.com". It returns the IP address, which is: 80.237.246.185
    Alternatively use websites like http://www.hcidata.info/host2ip.htm for this purpose
  • Now we create a routing rule for this website, by running "route add 80.237.246.185 192.168.88.2" (syntax: route add destinationIP gatewayIP)
  • When that is done, connect to the VPN and visit http://ipaddress.com again. You'll notice that it still shows your real IP and location, instead the VPN IP and location.
    That means the routing rule is working and the website is bypassing the VPN.

Note: This rules are only temporary, that means they disappear upon next reboot.
To make them permanent, use the switch "-p", so e.g. "route -p add 80.237.246.185 192.168.88.2"

Quick way using HMA UNrouting Utility


This tool creates routing tables for you - this allows to exclude certain IPs or websites from being accessed through the VPN. That means when your VPN connection is active, the traffic between your computer and the IP will be transferred through your "normal" internet connection, with your real IP, ISP and location.

This especially makes sense when accessing services that do not allow the use of VPN, e.g. financial related (Paypal, Onlinebanking) or advertising related (visitor exchange programs, affiliate systems).


 

Mac OSX

Manual setup using route and netstat


The setup is pretty similar to the manual setup with route.exe in Windows, just the commands differ a little.

To get the current routing table, so you can see all existing rules and get your gateway IP, run: "netstat -r". The output should look like the one on the right ->

You can see that the gateway in this example is 192.168.132.2

OK, now let's create the routing rule.

In this example we also want to let ipaddress.com bypass the VPN,
so we need to get the IP of that website by pinging it. Run "ping ipaddress.com".
It returns the IP of that website, which is 80.237.246.185
Run "sudo route -nv add 80.237.246.185 192.168.132.2".
The syntax is "sudo route -nv add destinationIP gatewayIP".
The output should look like in the image on the right ->
Now, connect to the VPN and visit http://ipadress.com
You'll notice that it shows your real IP and location, instead of the VPN ones.
That means the routing rule is working and the IP/website is successfully bypassing the VPN.
 

Linux

How to creating routing rules on Linux differs from distribution to distribution.
For an overview and a detailed explanation for each distribution, see this link:
http://www.cyberciti.biz/tips/configuring-static-routes-in-debian-or-red-hat-linux-systems.html
The command "ip route show" shows your current routing rules.
 

Android

To set up static routing rules on Android, your device needs to be rooted.
Then you can use any terminal emulator (e.g. this one https://play.google.com/store/apps/details?id=jackpal.androidterm) to get into the command prompt.
To get root privileges in the command prompt: su
To show the current routing rules: ip route
To set routing rules, you can use the same instructions as for Linux. See the link above