Methods to Exempt and Bypass Traffic from Your VPN Tunnel
VPN tunnels are great because they encrypt every single piece of data that flows through them, making that data safe from the prying eyes of governmental agencies and hackers. But there is a drawback. Depending on where your VPN server is located, you could incur some performance hits when running extremely demanding and sensitive applications due to latency and overhead. Different users have different needs and wants, and not all of them require or benefit from encryption. Bypassing your VPN while gaming, for example, can be very beneficial to ping times unless you’re actually trying to find a shorter route due to living somewhere very far from the main server locations. You might also want to bypass your VPN when using Netflix locally if you have very slow internet speeds.
Truth be told, we don’t need to send all of our data over VPN tunnels. For example, what if you’re doing research on how to train your new puppy? After you Google the data and pull up the material, who cares if your ISP or anyone else can see that you’re accessing this information? It’s inconsequential, and for that reason the HTTP session with your puppy-training server doesn’t need to be encrypted. So the question that gets asked is, “How do I set up my computer to exempt traffic that isn’t sensitive from being sent through my tunnel and bypass the VPN for those specific applications?” The answer to that question is a process called static routing. There are a few caveats to the configuration because some websites tie multiple IP addresses to their domain name for redundancy, but for the majority of less complex sites static routing is the perfect solution to bypass your VPN.
For those of you who aren’t too technical, you are probably wondering what static routing is. Well, there are two types of routing: static and dynamic. Dynamic routing can send your data through an infinite number of paths through networks depending on crucial metrics such as the number of devices that need to forward your information to the destination, how fast the bandwidth is from link to link, the reliability of connections, and how busy network segments are.
Static routing, on the other hand, is a lot simpler. With static routing you can specify which devices data should be sent to based on one factor: the destination IP address. The downside to static routing is that you need to do it manually, whereas dynamic routing happens automatically. But this will give you the ability to siphon off traffic that would normally needlessly flow through your VPN tunnel and give you a high amount of control over your data, allowing you to specify when and where you want to bypass your VPN tunnel.
Static Routing in Windows
If you use your VPN in a Windows environment, you are going to need to open up the command prompt and run it as an administrator to configure static routing. Here is how you perform that task on different versions of Windows.
Step 1: Run the Command Prompt as an Administrator
- Windows XP: Click Start, Run, and then type “cmd” and hit the enter key.
- Windows Vista: Click Start, All Programs, Accessories, and right click on the command prompt to run it as an administrator.
- Windows 7: The same steps as Windows Vista.
- Windows 8: From the start screen click on Apps, type “cmd” and then hit the enter key. After the command prompt icon appears, right click on it, choose Advanced, and then select “Run As Administrator.”
- Windows 8.1: Right click on the start icon and select “Command Prompt (Admin)”
Once you have done this successfully for your version of Windows, a black box with a blinking cursor should pop up that is known as the command prompt.
Step 2: Determine Your Default Gateway
We are going to need to set up static routes to your default gateway, so first we must ascertain its IP address. To do this, simply type ipconfig into the command prompt and hit the enter key. You should see the default gateway listed under your active adapter.
Alternatively, you can get this information by viewing your routing table. Just type route print into the command prompt and press the enter key. This will show you all of your current static routes, but you are concerned with the entry known as a default route that is listed with the address of 0.0.0.0 and a mask of 0.0.0.0.
Step 3: Find the IP Address of Websites You Want to Exempt from the VPN Tunnel
Now we need to gather one piece of critical information to set up the static route. We need to find out the IP address that is bound to the domain name you want to exempt from the VPN tunnel. The easiest way to do this is with a ping. For our example, let’s use BuzzFeed. Type the following into the command prompt:
- ping www.buzzfeed.com
Next the command prompt will spit out some data regarding how successful the ping operation was. Look for the IP address that is enclosed in brackets. Basically the ping utility is using DNS to resolve the IP address, and this is the number we are after.
Step 4: Create a Static Route
At this point we have all the information we need to create a static route that will bypass your VPN tunnel. The syntax of the command is as follows:
- route add [destination IP address] [default gateway]
So, if you had a default gateway of 192.168.1.1 and you wanted to set up a static route to allow traffic to BuzzFeed to bypass your VPN tunnel, the command would look like this:
- route add 126.96.36.199 192.168.1.1
After you enter your route into the command prompt and hit the enter key, you are going to want to verify that your route successfully made its way into the routing table. Run the route print command again and you should now see your static route in the table.
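The verification in the last step can be done mechanically. The following is an added example, not part of the original article: it parses the IPv4 section of `route print` output and lists every non-default route that hands traffic directly to the LAN gateway, which is the set of destinations currently leaving the machine outside the tunnel. The sample output, the tunnel addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of the IPv4 part of `route print` output with a VPN up.
# 10.8.0.1 / 10.8.0.6 are assumed tunnel addresses; 203.0.113.10 is a
# documentation address standing in for an exempted site.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.8.0.1         10.8.0.6     20
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.50     50
     203.0.113.10  255.255.255.255      192.168.1.1     192.168.1.50     26
      192.168.1.0    255.255.255.0         On-link      192.168.1.50    281
===========================================================================
"""

def parse_routes(text):
    """Yield (network, gateway) for each IPv4 row of `route print` output."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, separators and other sections have other shapes
        dest, mask, gateway = parts[:3]
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}")
        except ValueError:
            continue  # five tokens, but not a destination/netmask pair
        yield net, gateway

def vpn_exemptions(text, lan_gateway):
    """Return non-default routes whose next hop is the LAN gateway."""
    gw = str(ipaddress.IPv4Address(lan_gateway))  # rejects malformed input
    return sorted(
        net for net, via in parse_routes(text)
        if via == gw and net.prefixlen != 0
    )

if __name__ == "__main__":
    for net in vpn_exemptions(SAMPLE, "192.168.1.1"):
        print("outside the tunnel:", net)
```

On many VPN clients the VPN server's own address will also appear in this list, because the tunnel itself has to reach the server outside the tunnel.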
Easy Alternative Configuration Option
The VPN service provider HideMyAss provides a GUI tool that you can use if you don’t like working from the command line. It is called the unrouting utility, and it is pretty simple to use. You will need to right click on this program to run it as an administrator after you have downloaded it, too. Basically, it will do the exact same thing as the command prompt steps, but it will also allow you to make configurations based on a domain name, allowing you to quickly bypass your VPN for as many websites as you wish!
The OSX Configuration Process
The OSX steps to configure static routing are pretty similar to the Windows steps.
Step 1: Open the Terminal
To open the terminal – which is the OSX version of the command prompt – go to Applications, Utilities, and then click on Terminal.
Step 2: View Routing Table and Determine Default Gateway
Then type netstat -r and hit the enter key to find your default gateway. Alternatively, you can use the ifconfig command to determine this piece of information.
Step 3: Ping the Website You Want to Bypass the VPN Tunnel
The ping command syntax is the same as Windows, so run the ping www.buzzfeed.com command.
Step 4: Add the Static Route
The command syntax to add a static route is as follows:
- sudo route -nv add [destination IP] [default gateway]
So for our example, the command would look like this:
- sudo route -nv add 188.8.131.52 192.168.1.1
Step 5: Verify Your Route Was Added Successfully
Now all you need to do is run the netstat -r command to verify that your route is now a part of the routing table.
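The Windows and OSX procedures above pin a site to whatever single address ping returned, which runs into the caveat mentioned earlier about sites that tie several IP addresses to one name. The following is an added example, not part of the original article: it takes every address the name resolves to, compares that with the host routes you previously added for the site, and builds the `route add` commands in the article's syntax plus `route delete` commands for addresses the site no longer uses, so a stale exemption does not keep sending traffic for some unrelated host outside the tunnel. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
import socket

# Add templates follow the article's syntax; the delete templates are the
# matching `route delete` forms on each platform.
TEMPLATES = {
    "windows": ("route add {ip} {gw}", "route delete {ip}"),
    "macos": ("sudo route -nv add {ip} {gw}", "sudo route -n delete {ip} {gw}"),
}

def resolve_ipv4(hostname):
    """Return every IPv4 address DNS gives for hostname right now (needs network)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def _hosts(values):
    """Parse strings into IPv4Address objects; anything else raises ValueError."""
    return {ipaddress.IPv4Address(v) for v in values}

def plan_routes(resolved, installed, gateway, platform):
    """Return (add, delete) command lists that bring exemptions in line with DNS.

    resolved:  addresses the site resolves to now
    installed: host routes you previously added for this site
    """
    gw = ipaddress.IPv4Address(gateway)
    want, have = _hosts(resolved), _hosts(installed)
    if gw in want:
        raise ValueError("destination equals the gateway")
    add_t, del_t = TEMPLATES[platform]
    add = [add_t.format(ip=ip, gw=gw) for ip in sorted(want - have)]
    delete = [del_t.format(ip=ip, gw=gw) for ip in sorted(have - want)]
    return add, delete

# Constructed sample data (documentation addresses, not a real site's records).
RESOLVED = ["203.0.113.10", "203.0.113.11"]
INSTALLED = ["203.0.113.10", "203.0.113.99"]  # .99 is a stale exemption

if __name__ == "__main__":
    add, delete = plan_routes(RESOLVED, INSTALLED, "192.168.1.1", "windows")
    print("\n".join(add + delete))
```

Because every value passes through `ipaddress.IPv4Address` before it is placed in a command string, a hostname or pasted value containing shell metacharacters is rejected instead of ending up in an administrator prompt.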
Linux configurations aren’t as easy because each Linux distribution uses its own slightly different way of performing this task. Most times you will need to edit a specific text file to add the routes, but not always. Because there are so many ways to configure the routes, we could not list them all here. Instead, just search on the Internet for adding static routes using your particular version of Linux.