37

What is the easiest way to ensure all traffic goes through the VPN in Windows 10? Are there any built in ways? I'm basically looking for an internet kill switch in the case the VPN fails.

I read that sometimes the OS gets confused and for some random reason just doesn't use the VPN when sending traffic, is this actually a valid concern?

Improve this question
4
  • Setup the VPN to do that then connect to it
    – Ramhound
    Commented Jan 4, 2016 at 3:32
  • @Ramhound the VPN manager I use has a kill switch, but it's buggy, especially if multiple network interfaces are present.
    – Celeritas
    Commented Jan 4, 2016 at 3:35
  • When I indicate, "setup the VPN", I mean configure the VPN not to leak your personal information. A properly encrypted VPN will automatically connect you to the virtual private network, and all traffic will go through that network, nothing special has to be done once that is done.
    – Ramhound
    Commented Jan 4, 2016 at 4:42
  • I would assume because of the apparent lack of research on the topic
    – Ramhound
    Commented Jan 8, 2016 at 11:46

3 Answers 3

Reset to default
18

Note:

Be sure you have only one network adapter enabled, example: if you are using ethernet, be sure wireless is disabled. If using wireless be sure no ethernet cable is connected, or disable the adapter in networking and sharing center > change adapter settings.

Open command prompt and do a command: 

netstat /r

note the Interface ip address on the 0.0.0.0 line in the "Active Routes" section , lets just say it is 192.168.0.1

Connect to your VPN

Do another netstat /r

Note you will see a new ip route for the vpn (second 0.0.0.0. line), note that Interface new route ip

Now kill the original non vpn route with this command

route delete 0.0.0.0 192.168.0.1

then do another netstat /r

you will only see your vpn route now, and if your VPN line drops, you lose that route, so there are no more 0.0.0.0 routes and your external connection will be immediately cut off. If you want to access the internet you'll need to add the original route back with this command:

route add 0.0.0.0 mask 0.0.0.0 192.168.0.1 IF 8

The "IF 8" means "interface 8". The number 8 may be different on your computer, look at the output of netstat -r to get the correct number of your interface in the Interface List

All that being said I would disable ipv6, I have done this with no issues after doing so.

disable ipv6 command:

netsh interface teredo set state disabled

Enable ipv6 command:

netsh interface teredo set state default
Improve this answer
7
  • "Be sure you have only one network adapter enabled," what about the virtual adapters, such as those used by VMware?
    – Celeritas
    Commented Jan 4, 2016 at 8:59
  • See answer above by dxiv
    – Moab
    Commented Jan 4, 2016 at 19:05
  • After doing the route delete command I got the error The route deletion failed: Element not found.
    – Celeritas
    Commented Jan 12, 2016 at 8:01
  • You did something wrong.
    – Moab
    Commented Jan 12, 2016 at 15:50
  • @Moab Use gateway IP instead of destination IP
    – Ankit_Shah55
    Commented Jan 26, 2017 at 7:34
13

These are 2 questions rolled into one.

I'm basically looking for a internet kill switch in the case VPN fails

@Moab's answer settles this question nicely.

What is the easiest way to ensure all traffic goes through the VPN in Windows 10?
Is there any built in ways?

This is a different question. Note that all traffic goes through the VPN has an implied "as long as the VPN connection is up". The built-in way to route Internet traffic over VPN will transparently fallback to the local Internet connection if the VPN gets disconnected for whatever reason.

That said, the following steps should answer the 2nd question:

  • right click the Start button, select Network Connections
    • then click "Change adapter options" (as of Windows 10 version 1703)
  • click the VPN connection you want to use, right-click, select Properties
  • click the Networking tab, select IPv4 from the list, click Properties
  • click Advanced, make sure "Use default gateway on remote network" is checked
  • repeat previous step for IPv6 if applicable
Improve this answer
7
  • I couldn't see ""Use default gateway on remote network", after clicking advanced, but under the label "default gateways", the list was blank.
    – Celeritas
    Commented Jan 12, 2016 at 8:04
  • There is no label "default gateways" that I can find in the steps listed above. Either you ended up in the wrong place, or maybe you are using some 3rd party VPN other than the Windows built-in one, in which case that should have been the very first thing to point in your question.
    – dxiv
    Commented Jan 12, 2016 at 8:16
  • I didn't know Windows 10 had a built in one
    – Celeritas
    Commented Jan 12, 2016 at 8:41
  • @Celeritas Windows has had a built-in VPN client for(virtually)ever. If you are not using it, but instead some other 3rd party alternative then both my answer and Moab's have been a waste of time. Please provide the full context when you ask a question next time.
    – dxiv
    Commented Jan 12, 2016 at 8:48
  • 1
    if Windows comes with a VPN then why does virtually everyone who uses VPN use a 3rd party alternative?
    – Celeritas
    Commented Jan 12, 2016 at 9:33
-1

If you need to make sure that all the traffic goes though a single IP or pool known to you, you may adjust firewall blocking all other addresses leaving that single IP. Say, you need to use 10.10.10.10 only, so you should block all from 0.0.0.0 to 10.10.10.9 and from 10.10.10.11 to 255.255.255.255.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .