
Routing Traffic in Windows

Right, so you have a nice VPN set up (I have used OpenVPN) but you want to route all your traffic via the VPN. Here I will try to explain how to do just that.

First you need to find your current default gateway and the IP address of your VPN server. Here we will be using the placeholder names VPN.SERVER.IP.ADDR, NEW.DEFAULT.GATEWAY.IPADDR and OLD.DEFAULT.GATEWAY.IPADDR. To find your default gateway, open a command prompt (in Windows 7 run it as administrator, because we need to make changes to the routing table later).

Type route print then press Enter.

C:\>route print
*** lots of stuff ***
Network Destination        Netmask          Gateway       Interface  Metric
       25       1       20
*       1   *       1       1       30       30       30       25       25       25       30       25       1           10003       1       1
Default Gateway:
Persistent Routes:


From now on, wherever I say OLD.DEFAULT.GATEWAY.IPADDR I actually mean the numbers after "Default Gateway:"; in this example it is

In the above I have starred an entry: all addresses that start with 192.168.10. are on my corporate network, so I know that the gateway for those addresses is where I want to send all my packets! I will use this address ( for NEW.DEFAULT.GATEWAY.IPADDR.

First I need to add a route so that I don't try and send the encrypted VPN packets to the VPN server via the VPN... that would simply not work.


Then delete the current default route


Now add the default route to go via the VPN


To make this clear and skip the confusing names I used, here is the same thing using the IP addresses from the above screenshots instead of the substitute names.

route add mask
route delete mask
route add mask
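
The three steps above written out as one PowerShell script, added here as an example and not part of the original page. The 255.255.255.255 host mask, the 0.0.0.0 default-route destination, the parameter names and the Test-Route helper are assumptions based on standard route.exe usage; supply your own three addresses and run it elevated.

```powershell
# Added example, not from the original page. Run from an elevated prompt.
param(
    [Parameter(Mandatory=$true)][System.Net.IPAddress]$VpnServer,   # VPN.SERVER.IP.ADDR
    [Parameter(Mandatory=$true)][System.Net.IPAddress]$OldGateway,  # OLD.DEFAULT.GATEWAY.IPADDR
    [Parameter(Mandatory=$true)][System.Net.IPAddress]$NewGateway   # NEW.DEFAULT.GATEWAY.IPADDR
)

# Hypothetical helper: true when "route print" lists an IPv4 route
# for $Destination whose gateway column is $Gateway.
function Test-Route([string]$Destination, [string]$Gateway) {
    $pattern = '^\s*{0}\s+\S+\s+{1}\s' -f [regex]::Escape($Destination), [regex]::Escape($Gateway)
    [bool](route.exe print | Select-String -Pattern $pattern)
}

# 1. Pin the VPN server to the old gateway so the encrypted packets keep
#    leaving over the physical network instead of looping into the tunnel.
route.exe add $VpnServer mask 255.255.255.255 $OldGateway
if (-not (Test-Route "$VpnServer" "$OldGateway")) {
    throw "Host route to $VpnServer is missing; default route left unchanged."
}

# 2. Remove the existing default route (0.0.0.0/0 via the old gateway).
route.exe delete 0.0.0.0 mask 0.0.0.0 $OldGateway

# 3. Add the default route through the VPN-side gateway.
route.exe add 0.0.0.0 mask 0.0.0.0 $NewGateway

# 4. Check the result; put the old default back if the new one did not take.
if (-not (Test-Route '0.0.0.0' "$NewGateway")) {
    route.exe add 0.0.0.0 mask 0.0.0.0 $OldGateway
    throw "New default route was not installed; old default restored."
}
Write-Output "Default route now via $NewGateway"

# A leftover default via the old gateway means some traffic can bypass the VPN.
if (Test-Route '0.0.0.0' "$OldGateway") {
    Write-Warning "A default route via $OldGateway still exists."
}
```

Routes added without -p are not persistent, so a reboot returns the machine to its original routing table.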

If you do not know the IP address of your VPN server, ask your friendly systems administrator; Ted is always happy to help. Especially when he knows you will screw it up late on a Saturday night and call him whilst he is eating to have him fix it for you.

DNS Problem

IMPORTANT SECURITY CONCERN: In normal circumstances your DNS traffic will NOT be routed through the VPN. The DNS servers from the VPN will be listed, but Windows will choose which one to query, thus generating DNS leakage... not so great, but it might not matter depending on what you are trying to do. I suggest that you look into setting a static IP address on your network and not including a DNS server... naturally this has its own problems. If there is any way to do this with netsh, please let me know.
