VPN service that offers NOT "all traffic through VPN"?

Discussion in 'Apple' started by DaveC, Mar 25, 2012.

  1. DaveC

    DaveC Guest

    Google for /etc/ppp/ip-up to answer all your questions.
    I found this:
    Create the file /etc/ppp/ip-up with following content:

    /sbin/route add SUBNET $5

    replacing SUBNET with subnet, you want to route through VPN (for ex.

    execute as root:
    chmod 0755 /etc/ppp/ip-up

    This file will be executed each time you connect to VPN.
    I substituted "SUBNET" with ".co.uk". It's not routing any traffic through
    the VPN.

    How (can I?) change the subnet in the above file such that it routes based on
    multiple domains (ie, *.co.uk* or *.ru*, etc.)?

    DaveC, Mar 26, 2012
    1. Advertisements

  2. DaveC

    DaveC Guest

    DaveC, Mar 26, 2012
    1. Advertisements

  3. It has to be numeric and have zeros in the octets that are reserved for

    In plain English, if the number after the slash (the number of bits used to
    make a netmask) is 8, then the last number must be zero, eg.
    If it is 16, then the last 2, e.g. If it is 24 then

    32 would be the default route,

    If you look hard enough you should be able to find a list of IP address
    allocated to the UK.

    Geoffrey S. Mendelson, Mar 26, 2012
  4. DaveC

    JF Mezei Guest

    Same principle, but you'll need to do this manually.

    Setup the VPN. This will set the default route to go through the VPN.

    In the System Preferences, network, you will see that your VPN
    interface is at the top. There is a way to move it down to change
    precedence. (click on the cogged wheel below the list of interfaces,
    and "set service order".)

    You want your standard ethernet interface to be above that of the VPN.

    Then you check your routes. You want to make sure yoru default route
    ( ) goes to your router

    netstat -r -n
    Routing tables

    Destination Gateway Flags Refs Use Netif
    default UGSc 148 0 en0

    you can use the route command to ensure that your default route goes to
    the IP address of your router via the en0 interface .

    At this stage, you VPN interface won't be used for much.

    You can then add routes (with the "route add" command) to point the BBC
    IP addresses to the VPN interface and/or gateway address.

    This way, when the operating system gets a request to connect to a BBC
    IP address it will route it via the VPN interface. When it gets other
    requests, it goes via the default route to your router and bypasses the VPN.
    JF Mezei, Mar 26, 2012
  5. DaveC


    Have you considered Astrill? Their last beta software seems to offer the
    feature you're looking for:


    The beta is almost finished:


    BTW: if you're interested to try/subscribe the service I can "invite"
    you (referral affiliation).

    ~±, Mar 26, 2012
  6. DaveC

    DaveC Guest

    Thanks for your interest.
    This is the fly in the ointment. I am looking for a way to specify "*.co.uk*"
    as the domain to be routed to the VPN interface, but it looks like this is
    not possible; it must be numeric IPs. I don't know (and it's probably a huge
    quantity of them) all the IP addresses BBC uses for streaming.

    Maybe I can specify a range of IP's and just specify all allocated to the

    DaveC, Mar 27, 2012
  7. I think I said that in a previous post. If I did not, I had intended to
    and appologize for not doing so.

    When I googled it, I found a lot of people asking the same question, with
    no real answer. I can be done, the list of IP address ranges and where they
    are is public and available on line, and maybe someone did post a list by

    That may have been why I did not answer.........

    The geolocating companies have an opposite list, they can search by IP and
    give you country.

    BBc.com and BBC.co.uk resolve to a 212 address, so I would start with

    Geoffrey S. Mendelson, Mar 27, 2012
  8. DaveC

    JF Mezei Guest

    Nop. Must be numeric.

    However, you can specify subnets instead of individual IPs.

    so you could specify: which would grab any to

    BBC has an AS number of 2818

    Based on one site, I saw the following blocks advertised: 4777 2516 3356 2818 4608 1221 4637 2818 4777 2516 3356 2818

    But the site I am using is often incomplete. There may be others. ALso,
    if BBC uses some CDN services such as AKAMAI or LEVEL3 then all bets are
    off because the IP address providing the video content may not be BBC.

    When you get a BBC web page that tries to display some video, you will
    need to do a "view source" or "page info , view media" and try to find
    the ip address of the video provider.
    JF Mezei, Mar 27, 2012
  9. DaveC

    DaveC Guest

    Have you considered Astrill? Their last beta software seems to offer the

    I've searched a bit and found that there's quite a bit of negative reviews
    about Astrill, particularly their customer service.

    There are lots of other VPN services that are better-rated.

    I think I'll pass...
    DaveC, Mar 27, 2012
  10. DaveC

    Patty Winter Guest

    If I'm understanding this thread correctly, in addition to providing
    VPN service, Witopia also lets you make your computer to be in another
    country so that it can access sites like BBC iPlayer that can only be
    viewed in their own countries?

    I looked at Witopia's website and couldn't find anything that mentioned
    that capability explicitly, but perhaps that's because they don't want
    to advertise that they're helping people sneak around copyright laws.
    So can someone here confirm that Witopia's service allows this, and
    also, give me an idea of what's required to set it up on Snow Leopard?

    I was asking a friend about this capability a couple of months ago,
    and he came back with a warning about using the free open proxy servers
    (for various reasons) plus a long explanation of how he (a networking
    engineer) does it himself with a bunch of UNIX programs that I really
    don't feel like installing...

    Patty Winter, Mar 27, 2012
  11. That's why you would pay for it. To get support and instructions.

    Using a free proxy server is a good idea for watching TV or listening to
    streaming audio, but you don't want to use it for anything that you send
    sensitive data to or from.

    While I'm sure most proxy servers are ok, there could be one that monitors
    what you do looking for credit card numbers, etc. Free ones more likely
    than pay ones.

    There are also other options if they still exist. One was a company that
    would put a slingbox in their data center and dedicate it to you. You used
    the regular slingbox viewer on your computer. It was not cheap, around
    a UKP a day, with discounts if you bought an entire year at one time.

    Another was a company in Gibralter which was the far end of the spot beam
    of the UK satellites. They were able to receive FTA (free to the air) the
    BBC, ITV, etc.

    They streamed the signals to you and you paid them for the bandwidth.

    It was legal in Gibralter, it may not be legal where you are, and they may
    or may not still be in business.

    Geoffrey S. Mendelson, Mar 27, 2012
  12. DaveC

    Warren Oates Guest

    Yes it works. I use it frequently. Mostly, at our level, it's used for
    that and by people from outside the US looking to get Hulu and so on; I
    use it for Pandora and the iPlayer (and the ITV player). It's also
    heavily used by people in China etc. to get around serious censorship.

    As for Snow Leopard: just follow the instructions. Their support pages
    are pretty good, and they offer one-on-one customer service (I've never
    tried it, so I can't comment on its quality). They don't have a free
    trial per se, but they do offer a money-back 30-day "guarantee."

    If you have a US address, they'll ship you a VPN'd router (they call it
    "Cloakbox") that will sit in front of all the computers on your LAN. The
    normal license only allows installation on 2 computers.
    Warren Oates, Mar 27, 2012
  13. DaveC

    Patty Winter Guest

    Huh? I don't think my friend was using commercial programs. Even
    if he was, they weren't anything I wanted to set up. He's helping
    some folks who live in countries where Internet access is restricted.
    I just need end-user software, not any kind of proxy server.

    Patty Winter, Mar 27, 2012
  14. DaveC

    Patty Winter Guest

    Thanks, Warren!
    As mentioned, I didn't see any information about using overseas media
    servers. Are you saying to just follow the instructions for their VPN
    capability, and those will include information on how to tell your
    computer to go through a proxy server?

    I saw that, yes.

    Oh, okay, Witopia might be overkill for my needs, then. I don't need
    VPN for anything so am not interested in paying for and installing any
    hardware. I just want to be able to view occasional videos on the BBC
    and CBC websites...

    Patty Winter, Mar 27, 2012
  15. DaveC

    DaveC Guest

    If I'm understanding this thread correctly, in addition to providing

    A VPN service is commonly referred to as analogous to a tunnel: you use
    software (and pay an entrance fee) to enter the tunnel and when you come out
    the other end you are somewhere else (ie, the U.K.) and your IP address (as
    it looks to everyone else) is of that new location.

    As someone else said, free VPN services are fine if you're not worried about
    sensitive information (personal info, credit cards, etc.), but they're OK if
    you just want to watch TV or such in the other country (ie, U.K.). But free
    frequently means "slow", so once again TNSTAAFL* applies.

    Good VPN services have many servers located in many countries and you can
    choose which one to "be" in those countries. Some lock you to one
    server/country, and others allow you to switch as your heart desires. (Ask
    before signing up what the service's policy is regarding this.)

    Paid VPN services abound. I'm trying out one that I've found to be the
    fastest so far and quite affordable:


    They have a free trial (REALLY 30-day free trial: the first month is free and
    you don't even give them a credit card # until the 2nd month.)

    (The following I've not confirmed but I've read that it can be an issue, so
    it bears checking out...)
    Regarding credit card use and VPNs, your credit card account sometimes (and
    PayPal, for sure) watches what IP address (and thereby the country) from
    which the card is used. This may cause a panic at your bank or PayPal if it's
    not consistent with your data on-file (this is how fraud is detected). So ask
    a potential VPN service if they offer a means to let you use your card from a
    server near your home while still using the VPN.

    Dave (originator of this thread)

    (* There's No Such Thing As A Free Lunch)
    DaveC, Mar 27, 2012
  16. DaveC

    Patty Winter Guest

    Dave, you're saying "i.e." because I mentioned BBC iPlayer, right? Surely
    the UK is just an example, not the only possible destination?

    Oh, interesting. So you say, "I want VPN service to Canada" and that's
    the only country you can go to with those companies?

    Thanks for the info!

    So if I subscribe to a VPN company that's based in the U.S. (such as
    Witopia), but I'm using them to access servers in other countries,
    if I enter a credit-card number on their website, it will be forwarded
    to the credit-card company as though I were in another country?? In
    other words, even my use of Witopia's website will go through their
    VPN to another country?

    Patty Winter, Mar 27, 2012
  17. DaveC


    OK, it was just a possible solution.

    FYI, my experience with its customer service hasn't been bad so far.
    Anyway, this is only one opinion, of course. My two cents.

    ~±, Mar 27, 2012
  18. Sorry, I didn't mean to misinform. The "Cloakbox" is another (hardware)
    product they offer. Most people just pay for the service; you already
    have some of the software, and Viscosity is free.
    Wilbur Eleven, Mar 27, 2012
  19. DaveC

    DaveC Guest

    Dave, you're saying "i.e." because I mentioned BBC iPlayer, right? Surely
    A proxy service is actually what we're talking about: a server you pay to
    have access "through" to the internet. This server is (usually) in another
    country (the U.K. is one example). Some services have you choose one country
    in which you want access to a proxy server, and that's the only country you
    can have proxy access to for that subscription. Some provide you with a menu
    from you can choose one of several (one at a time) servers and you can switch
    as desired, anytime.

    A VPN (virtual private network) is a "tunnel" and includes (usually) a proxy
    service as described above. The VPN service gives you the protection of
    encryption: the traffic between you and the remote proxy server is not
    visible to anyone short of a government (those with enough $$ to be able to
    decrypt your traffic).

    The proxy server gives you some anonymity (you are seen as being located in
    that country), but if the communication (your web browsing and e-mail
    traffic) between you and the remote proxy server is readily visible to all
    and sundry, the anonymity of the proxy service is kind of moot. Hence the
    power of VPN over simple proxy service.
    Some, yes, some no. (See above.)
    That's my understanding. I've not yet tried it but it is important to ask
    such questions of a potential VPN or proxy service provider before signing

    Good luck!

    DaveC, Mar 28, 2012
  20. DaveC

    Wes Groleau Guest

    Yes. For a better answer, read their FAQ.

    Wes Groleau

    I've noticed lately that the paranoid fear of computers becoming
    intelligent and taking over the world has almost entirely disappeared
    from the common culture. Near as I can tell, this coincides with
    the release of MS-DOS.
    — Larry DeLuca
    Wes Groleau, Mar 28, 2012
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.