In this article we are going to discuss the following issues:
One of the reasons for getting a VPN is to protect your computer or mobile device from external threats, or to hide your browsing activity. So you might be wondering, “Why would I want to exempt a website from a VPN?” There are a number of instances where you might want to restrict your VPN. One example is if you are living outside the US, and you are using a VPN to access services like Netflix. You might then want to access a local website, but the site has blocked access with a VPN. To reach the local site, you would think to disconnect your VPN – but this makes it inconvenient to then watch Netflix, and it can also leave your device vulnerable. Therefore, we will explain how to modify your VPN connection so that certain websites bypass the VPN, without disabling your VPN’s protection.
There are essentially two approaches to achieving this:
1. Send all the traffic out over your VPN, except for specific sites.
2. Only send traffic for specific sites out over your VPN.
You can complete the first approach with only a simple change to the OpenVPN configuration file. Option two requires that you make an entry in your routing table. Option two is slightly more complicated, but effective. Below we will show you how to do both.
Whether you are using ExpressVPN, NordVPN, or another VPN provider, the way each has set up OpenVPN is going to be basically the same. So these instructions will work for almost any VPN in order to exempt websites from your VPN.
First, if you are using Windows VPN, or any other VPN, then the only way you can exclude specific websites is with OpenVPN. It is the only VPN software that lets you edit the configuration in a simple text file.
To get started, you will need:
1. The IP address of your home or office Wi-Fi router.
2. The IP address of the site that you want to exclude.
3. The location of your OpenVPN configuration file.
To find the IP address of the website you want to exclude, go to the command prompt, meaning run cmd, then type:
You can’t use the domain name, only the IP address. In this example, to show how this works (and that it does work) we pick whatsmyip.org. Its IP address is 220.127.116.11.
To obtain the IP address of your Wi-Fi router you need to run:
Look for the text that says “Default Gateway”. For most home or small offices, the IP address will be 192.168.1.1. In the example above it is 192.168.1.2.
Now open the .ovpn config file associated with your VPN connection. You could have copied it from anywhere, but most likely it is located in C:\Program Files\OpenVPN\easy-rsa.
Add this line anywhere in the file, changing the IP address 18.104.22.168 to the site you picked.
route 22.214.171.124 255.255.255.255 192.168.1.1
Now restart OpenVPN. What we did is tell the computer to use the regular Wi-Fi IP address when accessing that site. If you were to look, by running route print or ipconfig /all, you will see all other traffic is using the VPN internal IP address, which probably starts with 10.
Now Test It
Here we test it by going to two different websites that show your IP address, www.whatsmyip.org and www.HideMyAss.com. Go to www.whatsmyip.org. Note the IP address below.
And below is the IP address shown on www.HideMyAss.com. Note that it is different from the IP address from www.whatsmyip.org. The site also tells you where you are geo-located. As you can see it says USA, instead of another country.
Send Traffic Out Via VPN Only for Certain Sites
This configuration is slightly more complex, as you can’t simply add an entry to the .ovpn config file. This is because you need the IP address of the VPN connection, and that will not be the same every time you connect. That is not the same as the IP address of your VPN server. It is the internal IP address created by OpenVPN.
If you were to run OpenVPN from the command line and look at the logs, you would see a command like this one:
ip route add 0.0.0.0/0 via 10.3.122.254
This basically means send all traffic (0.0.0.0/0) out over the IP address 10.3.122.254. That is an internal IP address created on your computer. It is not the same as the IP address of the VPN server that you are connecting to.
Add this entry to the .ovpn file. It tells OpenVPN to not update the routing table when you connect. In other words it says do not alter any traffic.
Then, using ipconfig (or, on Ubuntu, ifconfig or ip route list), note the internal IP address. On Windows you can also use route print.
The IP address you need will probably start with 10. And it will be associated with the VPN connection shown as tap or tun.
Below is what it looks like on Ubuntu with the internal address highlighted in red.
default via 192.168.1.1 dev eno1
10.3.123.0/24 dev tun0 proto kernel scope link src 10.3.123.170
169.254.0.0/16 dev eno1 scope link metric 1000
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.82 metric 100
Then enter this into the command prompt:
ip route add 126.96.36.199 via 10.3.122.0
On Windows you will use:
route add 188.8.131.52 mask 255.255.255.255 10.3.122.0
Now all traffic will go out in the normal way, and only traffic for the exempted website mentioned above will use your VPN. You can make as many routing table entries as you want like this.
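The check below is an added example, not part of the original article: it parses a routing table in the ip route list format shown above and reports which interface a given destination would use, so you can confirm that an exempted site leaves through the Wi-Fi gateway while everything else stays on tun0. The table, the 203.0.113.10 and 198.51.100.7 addresses, and the function names are constructed for this example.

```python
import ipaddress

# Constructed table in `ip route list` format: default route through the VPN,
# the LAN's own default and subnet, and one exempted host. 203.0.113.10 is a
# documentation address standing in for the site's real IP.
SAMPLE_TABLE = """\
default via 10.3.122.254 dev tun0
default via 192.168.1.1 dev eno1 metric 100
10.3.122.0/24 dev tun0 proto kernel scope link src 10.3.122.170
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.82 metric 100
203.0.113.10 via 192.168.1.1 dev eno1
"""

def opt_value(tokens, key, default=None):
    """Value following `key` on a route line, e.g. the name after "dev"."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else default

def parse_routes(text):
    """Parse `ip route list` output into dicts with net, dev, via, metric."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        routes.append({
            "net": ipaddress.ip_network(dest),  # a bare IP becomes a /32
            "dev": opt_value(tokens, "dev"),
            "via": opt_value(tokens, "via"),
            "metric": int(opt_value(tokens, "metric", 0)),
        })
    return routes

def lookup(routes, ip):
    """Route the kernel would pick: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in routes if addr in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)

def exempt_lines(ips, lan_gateway):
    """Config lines in the `route <ip> <mask> <gateway>` form used above."""
    return [f"route {ip} 255.255.255.255 {lan_gateway}" for ip in ips]

if __name__ == "__main__":
    table = parse_routes(SAMPLE_TABLE)
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, "->", lookup(table, ip)["dev"])
    print("\n".join(exempt_lines(["203.0.113.10"], "192.168.1.1")))
```

Run it against the real output of ip route list after connecting; a site served from several IP addresses needs one host route per address.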
If you want to learn more about VPNs, and how to get the most out of your VPN, you can check out these great articles.
So, you’ve done your research and set up your first VPN. Great! No more worries about who’s snooping on you or accessing your personal data – you’re just another anonymous netizen.
Don’t relax just yet, though. There are still a few ways that your internet connection might be revealing your true identity and location, even if you’re using a well-reviewed VPN service.
Mercifully, it is possible to plug the IP leaks responsible for exposing too much information.
Let’s take a look at the WebRTC flaw, how to test if you’re affected, and how to plug the leak so you can continue to enjoy complete anonymity.
To recap quickly: Your IP (internet protocol) address is the unique numerical identifier assigned by your internet service provider (ISP) to your internet connection. Whenever you use a website or web service, your IP address will be among the data exchanged, revealing your location, ISP and other bits of technical information.
A VPN allows you to obscure your real IP address and even appear to be on an entirely different continent. It does this by sending all data from your computer via an encrypted tunnel to an exit server. This exit server could potentially be anywhere in the world. To anyone looking in from the outside, it will appear as though this is your location. It’s one of the key reasons people purchase a VPN in the first place.
An IP leak occurs when a bug or process causes data to bypass that tunnel and gives a third party website or web service access to your real IP address.
In this particular case, the WebRTC (Web Real Time Communication) Protocol makes it possible for a service or website to request your real IP address from your browser, bypassing the VPN you’re using.
Step-by-Step Guide to testing if you have a WebRTC Leak
1. Type “What is my IP” into Google search bar
2. Make a note of the numerical address displayed at the top of the search results. It will probably look something like this: 184.108.40.206. This is your public IP address.
3. Now it’s time to make sure that this information is not visible when your VPN is on. So, turn the VPN on and connect to a server (where doesn’t matter).
4. Once the VPN is connected, visit ipleak.net, which shows a wide range of information about your IP, DNS servers, and so on. What we’re interested in are the two addresses displayed at the top of the page labelled “Your IP Address” and “Your IP address – WebRTC detection.”
Understanding the Results of the WebRTC Test
1. If both the addresses have changed to display the VPN server you selected, congratulations! Your real IP isn’t being leaked via the WebRTC flaw.
2. If neither address shows a change from your genuine IP address, then you have a problem with your VPN configuration, either at your end or at the VPN provider’s.
3. If the address displayed at the top matches your VPN setting, but the second one shows your true IP address, then you have a WebRTC IP leak.
Fixing the WebRTC Leak in Google Chrome
If you’re a Google Chrome user, all you need to do to fix the leak is download the lightweight browser extension, WebRTC Network Limiter. This allows you to reconfigure Chrome privacy settings to plug the WebRTC leak. Simple and effective.
Fixing the WebRTC Leak in Firefox
To plug the leak in Firefox, you need to access the about:config menu, by typing “about:config” in the browser address bar. Then find the media.peerconnection.enabled entry and double-click it to turn it off. It’s a good idea to empty your browser cache once you’re done.
Finish up by retesting your VPN for leaks at ipleak.net.
The internet of 2018 is a very different place from just a decade ago. Everything has gone mobile, and with it, the convenience of using advanced cloud services on-the-go has become part of everyday life.
But here’s something to consider while you’re booking your next vacation or responding to work emails from the Starbucks Wi-Fi. There are reasons to pay attention to how your phone or tablet connects to the internet. It isn’t just desktops or laptops that face problems like malicious snooping, ad tracking, and geolocation restrictions.
We’d argue that getting a good mobile VPN (Virtual Private Network) app can help ensure privacy and convenience while you’re swiping on-the-go. And the great thing is, it couldn’t be easier to get started.
In this article, we’ll set out a few reasons why you might want to consider a mobile VPN, and we’ll explore two of the best contenders on the market: the super-fast ExpressVPN, and the friendly Vikings at NordVPN.
We know, we know – security is boring. But it’d become more interesting if you were to discover that while you were asleep, someone in another part of the world was applying for an instant loan in your name, or buying Batman bath ducks on your credit card (I mean, they could at least send you one, right?!).
The sad truth is that our mobile devices are especially vulnerable to data leakage – even more so than our desktop PCs or laptops. Mobile apps regularly fail to implement security best practices, leaking information such as your age, name, location and more through unencrypted connections that are easy for adversaries to monitor.
In the mobile environment, you have little information about the connections that your device is making. On a desktop, you can at least check that all the websites you visit use secure (HTTPS) connections. But phone and tablet apps often fail to inform you of the types of connections that they’re making. So is Clash of Clans sending your date of birth securely to the game company, or to an advertiser ‘in the clear’, ready for anyone to intercept?
Without countermeasures, you can have little confidence. The good news is that VPN software can help mitigate these issues. By wrapping all the traffic on your phone in a secure encrypted tunnel, you can be assured that no-one can eavesdrop.
Is your net really neutral?
Back when the internet was only used by men with beards at Carnegie-Mellon, all traffic – email, web, voice, and video – was considered equal. But sadly, this concept – net neutrality – has taken a back seat, as carriers try to protect their existing businesses and cut costs.
People using mobile devices are particularly vulnerable. From T-Mobile’s controversial ‘BingeOn’ video feature that “helpfully” degrades video image quality, to telecoms companies in several countries cracking down on certain apps, it’s clear that the freedom to use the services you choose is especially under threat on mobile.
Mobile carriers also ‘zero rate’ (discount) certain kinds of mobile data, to give their customers access to their preferred services. While this could be convenient at times, it also effectively means that you pay more to use services that don’t have your carrier’s blessing. It also makes understanding your data usage a nightmare – if they charge for Vimeo but not YouTube, how long can you watch without going over your allowance?
Handily, a VPN can help by establishing a tunnel where different traffic types aren’t segregated. All mobile carrier restrictions are bypassed, and you’re free to roam without limits.
Everyone knows about how useful VPNs are for watching video from other countries. But if you use an Android device, then there’s another big reason to consider hooking yourself up with a good mobile VPN: many of those goodies in the Google Play Store are limited to only a few regions.
Publishers often release apps, videos, and streaming music albums first in a particular market, and sometimes only in that market. Usually, customers in the United States get the best selection – with some exceptions.
So, for example, if you live outside the US or vacation internationally, consider this. If you’d had a mobile VPN on your device, you could have had access to those sweet Pokémon Go creatures before everyone else in your city by connecting to an American VPN server. And you could have been enjoying TV shows on Hulu and CBS All Access – just like those stateside.
Get To Security Valhalla with NordVPN
NordVPN’s unique selling point is its strong commitment to its values: Scandinavian ideals of “confidence, trust, freedom and innovation.” This certainly comes across in the mobile VPN applications themselves, which are available for both iOS and Android.
As well as all of the benefits we’ve mentioned above, NordVPN supports advanced features like Tor over VPN, and Double VPN, which obfuscate traffic sources and layer two VPN connections on top of one another. These are normally complex features to configure, but the app sets them up with a single click.
Geolocation is also a breeze. Using the NordVPN app, you can select a server in your chosen country from the zoomable map:
Alternatively, you can select a country from the (huge) scrolling list:
Either way, once you’ve connected a location, you can long-press it to save it to your favorites list for a quick