noob question 'Direct clients to redirect Internet traffic' ?

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Netbug

Regular Contributor
Got my VPN Server setup and all works dandy etc.

Just wanted to ask a quick question.

If i select 'yes' to 'Direct clients to redirect Internet traffic', i'm assuming that means the client (myphone in this case) will have all it's traffic tunnelled through my vpn (at home) ie. when i'm at some coffee shop with wifi, but if i selected 'no', i'm assuming it means altough i'm connected to my vpn (at home) my taffic won't be tunnelled through my vpn so when at coffee shop using their wifi the traffic won't be tunnelled through the vpn if i selected 'no' ? Bit confused over it.

any explanation on Respond to DNS and Advertise DNS to clients would also be appreciated as don't quite get their purpose. I know what DNS is.

Cheers
 

martinr

Part of the Furniture
Have a look here - a pretty good covering of your questions:

http://www.snbforums.com/threads/vpn-question.31659/#post-252150

Your first part is essentially correct. As I understand it if you selected No to Direct Clients to Redirect Internet Traffic, your traffic would still go down the VPN tunnel from the coffee shop to your home router, but it wouldn't then be allowed back out (unencrypted) onto the Internet. So you'd be able to access your router and devices on your home network, but you wouldn't be able to use the tunnel for Internet surfing.
 

yorgi

Very Senior Member
Got my VPN Server setup and all works dandy etc.

Just wanted to ask a quick question.

If i select 'yes' to 'Direct clients to redirect Internet traffic', i'm assuming that means the client (myphone in this case) will have all it's traffic tunnelled through my vpn (at home) ie. when i'm at some coffee shop with wifi, but if i selected 'no', i'm assuming it means altough i'm connected to my vpn (at home) my taffic won't be tunnelled through my vpn so when at coffee shop using their wifi the traffic won't be tunnelled through the vpn if i selected 'no' ? Bit confused over it.

any explanation on Respond to DNS and Advertise DNS to clients would also be appreciated as don't quite get their purpose. I know what DNS is.

Cheers
Direct clients to redirect internet traffic: If this feature is enabled all traffic will go via the router and depending on your bandwidth speeds it can be very slow on the clients receiving end.

Ideally the majority of users should keep the Redirect Internet Traffic option disabled. It means the remote client will still use his own WAN access for all Internet traffic, and only use the VPN tunnel when trying to access a resource in the home LAN network. This is what VPNs were originally designed to do.

Respond to DNS: enable this along with Advertise DNS to clients and when you connect you will be using the DNS of the VPN server.
This is great if you are in a coffee shop and the DNS is some local ISP and you would rather use google or openvpn dns, by enabling this feature you will be using the DNS of your VPN server rather then the coffee shop.
 

elorimer

Very Senior Member
Now I'm confused. (Thanks martinr for the link to that helpful post, btw).

I thought Direct Clients to Redirect Internet Traffic = no meant that in the coffee shop connected to the home router by VPN, traffic to the home LAN would go over the VPN, but traffic to the Internet would not and could be sniffed. Yes means that all traffic goes over the VPN, and then out unencrypted from the home router to the Internet.

So, in the coffee shop you would want "yes". But if you were in a secure location, like another home LAN, mom's house, work LAN, then you would want "no" so Internet traffic goes out from that LAN and not over the VPN. Or, if you have used a Merlin Asus router as a client to connect to a Merlin Asus router as a server, the Internet traffic for the client network wouldn't be redirected over the VPN, only the traffic for the server LAN would be.
 

martinr

Part of the Furniture
I think you're right: I just switched off the wifi on my phone and connected to the Internet with 3G. With the Redirect setting set to Yes, and then going to Whatsmyip.org, I got my home IP address. With the setting set to No and reconnecting the vpn and going to that site, I got a different IP address, but more importantly, I was able to access the Internet.
 

martinr

Part of the Furniture
Confirmed. You are right. Apologies for the duff information. I just tested it from a public wifi with the setting set to No. And whilst I could access my router through the tunnel, when I checked whatsmyip.org I got the IP address of the public wifi and NOT my home IP address, so I was linked to my home network via the vpn but my internet traffic went via the public wifi and not via the tunnel.
 

Netbug

Regular Contributor
thanks very much for replying, i understand now. sorry for late reply. thanks
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top