Securing VPN connection using Route delete & Route add?

Discussion in 'privacy technology' started by illumins, Feb 11, 2011.

Thread Status:
Not open for further replies.
  1. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26
    What does it mean if the metric changes from 20 to 1, any privacy implications?

    I run a route delete command: (to protect my real ip from leaking when my OpenVPN disconnects)

    route delete 0.0.0.0 192.168.1.1

    When my OpenVPN connection disconnects, I will run a route add command:

    route add 0.0.0.0 mask 0.0.0.0 192.168.1.1

    After doing a route delete and add, I noticed that running a netstat -r, the Metric changes from 20 to 1. Everything else remains the same.

    Network Destination 0.0.0.0
    Netmask 0.0.0.0
    Gateway 192.168.1.1
    Interface 192.168.1.102
    Metric 1 (Instead of 20)

    After this I would then connect to OpenVPN and do another route delete to secure my VPN connection again.


    Although what does it mean when the metric changes from 20 to 1?
    Does this affect anything privacy or security related?
     
    Last edited: Feb 12, 2011
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    To my understanding, the lower the metric, the sooner that network rule/route/adapter is considered. Metric 1 rules/route/adapter take precedence over higher numbers.
     
  3. illumins

    illumins Registered Member

    Joined:
    Jan 13, 2011
    Posts:
    26
    Hi Steve, so basically after running a route delete than a route add, I will connect to my OpenVPN once again, and then run another route delete.

    The route/gateway with the changed metric (from 20 to 1) will be deleted again anyhow, so then this should not be any different than the first time I connect to my OpenVPN and run a route delete?

    To illustrate:
    1. Metric: 20 (Gateway 192.168.1.1, etc etc.)
    2. OpenVPN Connect
    3. route delete 0.0.0.0 192.168.1.1

    VS

    1. Metric: 1 (After route delete, and route add)
    2. OpenVPN Connect
    3. route delete 0.0.0.0 192.168.1.1

    There shouldn't be any difference between the two? My real ip address or vpn encrypted traffic shouldn't be more prone to leaking? (to my isp or the websites/traffic I visit?)
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    It would require seeing the rest of the routing rules in your windows network config, because subsequent rules could reroute those addresses or change your default gateway, and if you have rogue adapters your network might start trying to speak out of that adapter instead of the tap adapter you intend.

    You may like this, it does some all-or-nothing routing for openvpn:

    How to prevent OpenVPN DNS leaks
     
Loading...
Thread Status:
Not open for further replies.