Page 1 of 1

How to bypass "redirect-gateway" sent by VPN server?

Posted: Mon Nov 27, 2017 6:36 am
by voidpointer
I am connecting to the US Midwest server provided by Private Internet Access (PIA). It sends down 'redirect-gateway', but I do not want my internet traffic tunneling through the VPN. I want to selectively choose that interface in different programs as needed.

When I tried this with normal OpenVPN client, I used the "route-nopull" option and while this solved the gateway problem, I couldn't ping over that interface with:
Code: Select all
$ ping -k <VPN IP HERE> google.com
Ping did not go through via this method. How can I properly get this behavior with Viscosity?

Re: How to bypass "redirect-gateway" sent by VPN server?

Posted: Mon Nov 27, 2017 12:11 pm
by Eric
Hi voidpointer,
voidpointer wrote:
Code: Select all
$ ping -k <VPN IP HERE> google.com
Ping did not go through via this method. How can I properly get this behavior with Viscosity?
This is the correct behaviour. route-nopull will ignore all routes pushed by the VPN, thus no traffic will pass over the VPN as there are no routes. If you add a route for google.com to the connection, you will then be able to ping it.

I'm afraid simply binding an application to the interface isn't good enough, routes still need to exist to route that traffic correctly. You still want to use route-nopull, however you will still need to define the routes you need, the following should help - http://sparklabs.com/support/kb/article ... lications/

What you might need to do if your applications are binding to the Viscosity interface, is set route-nopull, but then set a 0/0 route with a very high metric (say 1000) so your normal connection is used by default, but a route still exists for all traffic for your VPN as a secondary.

Regards,
Eric

Re: How to bypass "redirect-gateway" sent by VPN server?

Posted: Mon Nov 27, 2017 12:24 pm
by voidpointer
I'll admit I'm not the most familiar with VPN. What I was hoping for is that I could control which traffic goes over the VPN interface. I found this is difficult to do with ip tables when DNS is involved. If I'm willing to go back to the drawing board here, do you have a recommendation different from what you've already outlined? Is the 0/0 route the best way?

Thanks for your response!!!

Re: How to bypass "redirect-gateway" sent by VPN server?

Posted: Mon Nov 27, 2017 12:32 pm
by Eric
Hi voidpointer,

The article I linked in my previous reply is the best advise we can really offer on this.

http://sparklabs.com/support/kb/article ... lications/

My understanding from your original post is that your applications had an option to bind to a specific interface, if this is the case a high metric 0/0 route is probably the best way. If not, you will need to determine where the traffic goes as per the above article and add routes accordingly.

Regards,
Eric