
Bypass VPN for regular traffic

For as many places as I’ve been where they use VPNs, I’ve yet to find one that is set up correctly. I suppose there is a good reason for this, but I consider the problem to be mostly Microsoft’s fault.

I mean, wouldn’t you assume that if it were possible to use your regular connection for all of the network traffic EXCEPT for the traffic that needs to go through the VPN, that is what you would want?  But no.  Microsoft sets it up so that ALL of your traffic goes through the VPN connection.

What this means is that getting a connection to a search engine in order to look for a solution to a problem will take about twice as long as it should since your traffic first has to go to the VPN server and then out to the search engine.

Here’s how you fix it:

In Vista:

Go into the Control Panel and click the “Network and Sharing Center” icon.

On the left panel of the resulting screen you should see a link, “Manage network connections.”  Click it.

The next screen will have icons for all of your connections.  There should be one for your VPN.  Right-click it and select “Properties” from the menu.

In the “Properties” screen, click the “Networking” tab and then select “Internet Protocol Version 4” and click the “Properties” button.

Click the “Advanced” button.  This will bring up a new window where you can un-check “Use default gateway on remote network.”

Click OK on each open window to save everything.

In XP:

Go into the Control Panel and click “Network Connections.”

Right-click the icon for the VPN and select “Properties” from the menu.

In the “Properties” screen, click the “Networking” tab and select “Internet Protocol” from the list and click the “Properties” button.

On the window that pops up, click the “Advanced” button.

Un-check the “Use default gateway on remote network” check box.

What this does:

Now the only traffic that goes through the VPN is traffic bound for addresses on the same subnet as the VPN connection. Everything else uses your regular connection.

If you need other traffic to also go through the VPN, you’ll need to play with the routing tables.
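The effect of the checkbox and of an extra route can be modelled as a routing-table lookup. This is an added example, not code from the original post; the subnets, metrics, interface names and helper functions are constructed for illustration. `is_split_tunnel` is the condition a network admin would test for when all traffic is required to stay on the VPN.

```python
import ipaddress

LAN, VPN = "lan", "vpn"   # the two egress interfaces on the client

def build_table(remote_default_gateway, extra_vpn_routes=()):
    """Model the client's IPv4 routes as (network, interface, metric)."""
    net = ipaddress.ip_network
    table = [
        (net("192.168.1.0/24"), LAN, 10),   # constructed home LAN
        (net("10.8.0.0/24"), VPN, 10),      # constructed VPN subnet
    ]
    if remote_default_gateway:
        # Box ticked: a VPN default route is preferred over the LAN one.
        table += [(net("0.0.0.0/0"), VPN, 10), (net("0.0.0.0/0"), LAN, 4000)]
    else:
        # Box cleared: the only default route is the local gateway.
        table.append((net("0.0.0.0/0"), LAN, 10))
    # "Playing with the routing tables": extra networks sent via the VPN.
    table += [(net(cidr), VPN, 10) for cidr in extra_vpn_routes]
    return table

def egress(table, destination):
    """Pick the route: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    matches = [r for r in table if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

def is_split_tunnel(table):
    """True when VPN routes exist but Internet traffic leaves via the LAN."""
    has_vpn = any(iface == VPN for _, iface, _ in table)
    return has_vpn and egress(table, "203.0.113.10") == LAN

if __name__ == "__main__":
    for label, table in [
        ("default gateway on", build_table(True)),
        ("default gateway off", build_table(False)),
        ("off + extra route", build_table(False, ["10.20.0.0/16"])),
    ]:
        print(label, "split tunnel:", is_split_tunnel(table))
        for dst in ("203.0.113.10", "10.8.0.20", "10.20.5.5"):
            print("  ", dst, "->", egress(table, dst))
```

On Windows, the extra entry in the last case corresponds to a `route add <network> mask <netmask> <gateway>` command, and `route print` shows the resulting table.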


Other places talking about VPNs

Update on the VPN Issue – If there’s any kind of interest in a formal review of the Netgear SSL VPN device, I’ll be happy to type it out, but in a nutshell, if you’re dealing with a small office of users, and you want a firewall with VPN capabilities, …

Should VPN be this hard? – Not a problem, as the Cisco security appliance we bought supports VPN. And configuring the Cisco IPSec VPN was quite simple. I was pretty happy when, with just an hour of looking at the documentation and fiddling with the configuration, …


About Dave Bush

Dave Bush is a Full Stack ASP.NET developer focusing on ASP.NET, C#, Node.js, JavaScript, HTML, CSS, BootStrap, and Angular.JS. Does your team need additional help in any of the above? Contact Dave today.

  • Not to be a dicknerdweenie or anything, but if you don’t run all your computer’s network traffic over the VPN, then your computer becomes an attack vector into the network into which you’re VPN-ing. That’s why the default configuration is to run all traffic over the VPN. Any company that permits you to bypass the VPN for external traffic isn’t serious about their network security.

  • Dave

    I’ll be the first to admit that I’m not a network admin. So, help me out here…

    What is the difference between doing what I’ve said and disconnecting from VPN doing my stuff and then reconnecting other than:

    1) My way is less of a hassle and
    2) There’s less immediate impact on the network.

    If the computer doesn’t have its own virus detection etc. I would expect the security issues to be about the same.

    And, just for information’s sake, how would a network admin force all traffic through the hosting network?

  • I just did this and yes, you are right, it does default through the remote gateway. I think the issue is segmenting the networks. Someone smarter than me will have to explain all that.

  • Hi, thanks very much for the link to Standalone Sysadmin!

    I agree that an unsecured machine is a security vector, but anytime you have a machine outside of the confines of your network connecting inside logically, it’s an attack vector.

    Network security is always a trade off between security and usability.