How to use your regular IP when connected to a VPN
Consulting for different Enterprise and Government organizations means that each of them requires me to connect to their VPN in order to access their network. Unfortunately, when I connect to their VPN, my public IP address changes and I am no longer able to connect to networks that have whitelisted my regular IP.
In order to resolve that, I add a persistent static route to the routing table. That route effectively tells my operating system that whenever I try to access the network in the added route, it should go through my ISP's network and not the VPN.
The example below is using Windows 10 as the Operating System, and the remote IPv4 network address of LinkedIn, but it works the same with any remote network, and with minor changes on any operating system.
First, open an Elevated terminal, i.e. Run as Administrator. While elevation is not required to view the routing table, it is required to make changes. To view the current routing table for IPv4, you can run the command (omit `-4` to view both IPv4 and IPv6):
```
route print -4
```
That will list the current active routes, e.g.
```
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.101     25
        10.0.75.0    255.255.255.0         On-link         10.0.75.1    271
        10.0.75.1  255.255.255.255         On-link         10.0.75.1    271
      10.0.75.255  255.255.255.255         On-link         10.0.75.1    271
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
    172.31.103.96  255.255.255.240         On-link     172.31.103.97   5256
/*** omitted for brevity ***/
        224.0.0.0        240.0.0.0         On-link     172.31.103.97   5256
  255.255.255.255  255.255.255.255         On-link     192.168.1.101    281
  255.255.255.255  255.255.255.255         On-link         10.0.75.1    271
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    281
  255.255.255.255  255.255.255.255         On-link     172.31.103.97   5256
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      192.168.0.1  Default
===========================================================================
```
The Gateway Address of `192.168.0.1` is the router connected to my ISP. When I connect to a VPN, new routes are added and they usually take precedence, which causes the public IP to change.
Running the command `nslookup linkedin.com` shows that the website's address is at `108.174.10.10`. A search for that address in the ARIN registry [1] shows that the LinkedIn Corporation is assigned the network range of 108.174.0.0/20. The subnet mask equivalent of `/20` is `255.255.240.0` (you can use an online calculator [2] if you're uncomfortable with calculating it yourself).
So in this example, we want to route any requests to the network that contains 108.174.10.10, i.e. 108.174.0.0 with netmask 255.255.240.0, through our regular ISP rather than the VPN. The destination given to `route add` has to be the network address, with no bits set outside the mask; the last argument is the gateway address of the ISP router. To do so, run the following command in the elevated command prompt:
```
route add -p 108.174.0.0 mask 255.255.240.0 192.168.1.254
```
Now run `route print -4` again and you should see at the bottom something like the following:
```
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0    192.168.1.254  Default
      108.174.0.0    255.255.240.0    192.168.1.254       1
===========================================================================
```
Now any connections to the LinkedIn network will go through my regular IP address, regardless of which VPN I am connected to.
Two other useful arguments that the `route add` command takes are `metric <weight>`, e.g. `metric 1`, and `if <interface>`, e.g. `if 11`. You can find the interface numbers at the beginning of the `route print` output or by running `netsh int ipv4 show interfaces`.
If you want to make the change temporary, so that it will be removed on the next reboot, remove the `-p` switch from the `route add` command.
To delete the static route, run the command `route delete` with the network address, e.g.:
```
route delete 108.174.0.0
```
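The netmask calculation and the route precedence described above, as an added Python example (not the author's code): it derives the network address and mask for `route add` from a host address and prefix length, applies the destination/mask check, and picks the route a given address would use from a constructed table. The VPN gateway `10.8.0.1` and the metrics are assumptions made for the illustration.

```python
import ipaddress

def route_add_command(host_ip, prefix_len, gateway, persistent=True):
    """Build the Windows `route add` line for the network that contains host_ip."""
    # strict=False clears the host bits: 108.174.10.10/20 -> 108.174.0.0/20
    net = ipaddress.ip_network(f"{host_ip}/{prefix_len}", strict=False)
    flag = "-p " if persistent else ""
    return f"route add {flag}{net.network_address} mask {net.netmask} {gateway}"

def is_valid_destination(destination, netmask):
    """True when no destination bit lies outside the mask, i.e. the
    (Destination & Mask) == Destination condition a route entry must meet."""
    dest = int(ipaddress.IPv4Address(destination))
    mask = int(ipaddress.IPv4Address(netmask))
    return dest & mask == dest

def select_route(routes, target_ip):
    """Return the route used for target_ip: longest matching prefix first,
    lowest metric as the tie-breaker. None if nothing matches."""
    target = ipaddress.ip_address(target_ip)
    best, best_key = None, None
    for dest, mask, gateway, metric in routes:
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if target not in net:
            continue
        key = (net.prefixlen, -metric)
        if best_key is None or key > best_key:
            best, best_key = (dest, mask, gateway, metric), key
    return best

# Constructed table: (destination, netmask, gateway, metric).
ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.254", 25),           # ISP router default
    ("0.0.0.0", "0.0.0.0", "10.8.0.1", 1),                 # hypothetical VPN default
    ("108.174.0.0", "255.255.240.0", "192.168.1.254", 1),  # the static route
]

if __name__ == "__main__":
    print(route_add_command("108.174.10.10", 20, "192.168.1.254"))
    for ip in ("108.174.10.10", "108.174.16.1", "8.8.8.8"):
        print(ip, "->", select_route(ROUTES, ip)[2])
```

Only addresses inside 108.174.0.0/20 leave through the ISP gateway; `108.174.16.1` is just outside the range and still follows the VPN default.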
VPNs are great at hiding your IP address, but sometimes when you are connected to a VPN you actually want to show your public IP. You also might want some privacy from the owners of the VPN. After all, they should not be able to inspect and log all of your traffic that is unrelated to their network.
[1] https://search.arin.net/rdap/?query=108.174.10.10
[2] https://www.ultratools.com/tools/netMaskResult?ipAddress=108.174.0.0%2F20
Leading IT Director | 20+ years of success in areas of cybersecurity, electronics, and information technology | Worked with Fortune 500 companies and clients
5 years ago
Correct me if I am wrong if you put in that static route that gives you the ability to interact with systems without going through your VPN? Does this make it possible for aberrant programs to also use this path to bypass your proxy and any measure of blocking of sites or programs that proxy provides?? Also if you connect to a site that loads aberrant content would not this use of your VPN bypass disable the protection the VPN affords you? Would not you, in essence, be defeating the very purpose of the VPN?? I use a VPN all of the time which is based on a system I use at home, so why would I go through all of that trouble of protecting myself just to allow for a possible attack by using a static route to defeat the VPN? Just asking some questions for clarity.
Senior Software Engineer
5 years ago
I remember being on a VPN and went to virginmedia support forums and it said I was banned. I thought, what did I do? But they just ban access to non-vm IPs
AI Researcher, IT Systems Engineer, Python Data Scientist, Business Analyst
5 years ago
Ooh useful