I'm using OSX Mavericks at the moment. Looking through VPN options (L2TP in my case), I see that it is possible to "Send all traffic over VPN connection".
However, I cannot figure out if I don't click it, what traffic goes through the VPN connection and what doesn't? Can I specify this? And if I do click it, does it mean that even local subnet traffic goes through this VPN connection?
More generally, I'm really trying to figure out what this checkbox means.
2 Answers
From Mavericks help:
Select “Send all traffic over VPN connection” to send all network traffic over the VPN connection regardless of the network service you use, such as Wi-Fi or Ethernet.
For a real world example, if you had a VPN setup to tunnel to your corporate network over the Internet, the VPN would only send 'intranet' traffic over the VPN tunnel. So for example, if you wanted to access this would send packets over the VPN, but accessing would happen outside of the VPN.
By clicking the checkbox, all traffic would go through the VPN tunnel. In practice you may not want your personal traffic (webmail, personal web browsing etc) to go through your company VPN as it would most likely be logged and it may also be slower than just using your raw internet connection.
3If you want to override the VPN, you just need to add a more specific route. I route all "local" traffic after I've connected the VPN by sending this command in terminal:
sudo route add 192.168.0.0/16 192.168.1.1From what I can tell, checking the box in the original question simply adds a route like so:
Destination Gateway Flags Refs Use Netif Expire
default link#21 UCS 190 0 ppp0Otherwise, the VPN server tells the clients what routes to add so you might see a bunch of individual routes for the private networks or you might just see the same default route like above.
To see the routes, in terminal, run netstat -rn. Although you might want to make use of more or head to only see the important ones at the top:
netstat -rn | head -n20
