Viscosity excluding local connections?


ingber


Post by ingber » Tue Jul 19, 2016 5:54 am
I want to know if ALL traffic is going through my VPN server (privatetunnel.com), or is the default to bypass the VPN for local traffic? Here, I assume "local" means 192.168... traffic through my router?

In Viscosity (current beta), under Edit -> Networking -> Routing I see a default-unchecked box for "Send all traffic over VPN connection". I followed this up by reading http://sparklabs.com/support/kb/article ... lications/ , but this seems to be in a somewhat different context. I have not checked this box.

My query is the context of using a chromecast device which has both ethernet and wireless connections to my router (same ssid). I have checked this out in the context of being able to connect to the chromecast.

On my Android OpenVPN clients I have to explicitly either exclude all local connections or set them individually by local IP address.

However, on my PC/Viscosity I can cast with VPN on in my PC, even though VPS is not on in my router (to which my TV and chromecast directly connect).

As expected from my Android, I have to set the local connection to work. As it turns out not even Guest mode works: https://productforums.google.com/forum/ ... 889pN1CgAJ .

So, it seems that the default now in Viscosity is to bypass local connections? Is this true? If so, does this present any kind of security problem? E.g., if our router is not running any VPN itself, and our TV is connected to our Chromecast via the router directly, is there any "local" threat this way that can "creep" back to our PCs? (Note that printers often have these problems, and HP just recently issued patches for this problem.)

The test for Windows in http://sparklabs.com/support/kb/article ... fic-leaks/ does show that all traffic is going through the VPN. This is surprising since I can cast to my TV (not on VPN) from my PC (on VPN).

This could be quite problematic if on travel, where "local" connections could include everyone in a hotel?

Eric


Post by Eric » Tue Jul 19, 2016 9:27 am
Hi ingber,

There is no default in Viscosity on how to handle local traffic, there is instead how the Windows routing table is working. Windows will route traffic by the smallest subnet mask first. You will most likely have a route for your local network, being maybe 192.168.0.0/255.255.255.0. As this subnet mask is smaller than the default route set by OpenVPN and Viscosity, any traffic in that route range (192.168.0.1-192.168.0.254) will be directed to your local network instead of out the VPN tunnel.

If you wish for this to change, you would need to remove this route while connected and replace it with a route for just your local gateway, for example if your router was 192.168.1.1, 192.168.1.1/255.255.255.255/net_gateway.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
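The route selection described in the reply above, as an added example that is not part of the original thread or of Viscosity's code: a small model of most-specific-route matching, run over two constructed routing tables. The addresses, the interface labels and the 0.0.0.0/1 + 128.0.0.0/1 pair (what OpenVPN's `redirect-gateway def1` installs) are assumptions chosen for illustration, and route metrics are ignored.

```python
import ipaddress

def pick_route(table, dest):
    """Return the (network, interface) entry used for dest: among all
    routes that contain dest, the one with the longest prefix wins."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for net, iface in table:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((network, iface))
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)

def egress(table, dest):
    """Name of the interface a packet to dest would leave on."""
    route = pick_route(table, dest)
    return route[1] if route else "unroutable"

# Constructed sample tables (assumed values, not taken from the thread).
# Two /1 routes together cover all of IPv4 and outrank the /0 default.
VPN_ROUTES = [("0.0.0.0/1", "vpn"), ("128.0.0.0/1", "vpn")]

# Typical connected state: the on-link /24 for the LAN is still present.
CONNECTED = [("0.0.0.0/0", "lan"), ("192.168.1.0/24", "lan")] + VPN_ROUTES

# After the change suggested in the reply: the /24 is removed and only a
# host route (/32) to the local gateway remains.
HARDENED = [("0.0.0.0/0", "lan"), ("192.168.1.1/32", "lan")] + VPN_ROUTES

if __name__ == "__main__":
    # 203.0.113.10 is a documentation address standing in for an internet host;
    # 192.168.1.50 stands in for another device on the same LAN.
    for name, table in (("connected", CONNECTED), ("hardened", HARDENED)):
        for dest in ("203.0.113.10", "192.168.1.50", "192.168.1.1"):
            print(f"{name:9} {dest:13} -> {egress(table, dest)}")
```

On a real Windows machine the equivalent table is shown by `route print`, which is the place to confirm whether the local subnet route is still present while the VPN is connected.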