And then ran it with a video streaming in the background: $ iftop -n -i wlan0 interface: wlan0 IP address is: 192.168.1.3 MAC address is: 00:24:b2:a0:4a:f3 pcap_open_live(wlan0): wlan0: You don't have permission to capture on that device (socket: Operation not permitted)
$ sudo iftop -n -i wlan0
Wow. That gives an interactive chart, with Mbps on the top along the x axis, and IP addresses inside the interactive chart.
I'll have to read up on iftop to better understand how to interpret what I'm seeing happen, while I'm downloading files.
Thanks for all the great advice! You're a life saver!
I never would have, on my own, been able to conclude that. It's interesting that vpnoneclick splits the Internet into two halves, for example, as that's not intuitive.
Here is the free VPN solution that I was/am using: http://216.185.105.35/vpnoneclick/
It is interesting that "B" even exists, but, a clue that it does may be that when I "kill -9" the VPN process, instantly I am back to my old ISP static IP address when I immediately issue an "inxi -i" command.
This reversion back to the old routes is so fast, that I don't think the network manager is all that involved.
After rebooting, here is the route before running the VPN command:
$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 This is your original default route.
192.168.1.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0 This is a route to your LAN out of wlan0.
After running the vpn initialization command, here is the route: $ gksudo vpn1click & $ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.43.0.209 128.0.0.0 UG 0 0 0 tun0 This covers a destination of 0.0.0.0 to 127.255.255.254. This is the 1st half of the Internet split by the VPN provider.
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 wlan0 This is your original default route.
10.43.0.1 10.43.0.209 255.255.255.255 UGH 0 0 0 tun0 Unsure what the significance of this is.
10.43.0.209 0.0.0.0 255.255.255.255 UH 0 0 0 tun0 This means that 10.43.0.209 can be reached by a packet out of tun0.
198.143.153.42 192.168.1.1 255.255.255.255 UGH 0 0 0 wlan0
108.178.54.10 192.168.1.1 255.255.255.255 UGH 0 0 0 wlan0 These two are static routes added by the VPN client software. The only traffic that doesn't traverse tun0 is traffic to these two IP addresses.
128.0.0.0 10.43.0.209 128.0.0.0 UG 0 0 0 tun0 This covers a destination of 128.0.0.0.1 to 255.255.255.254. This is the 2nd half of the Internet split by the VPN provider.
192.168.1.0 0.0.0.0 255.255.255.0 U 9 0 0 wlan0 This is a route to your LAN out of wlan0.
A "fake IP" is no use if you ever want to see a response to your requests. It's like giving a fake Paypal address to someone in order to receive payment.
I and many others use a fake IP when surfing the internet and have no problems getting a response. Don't know how it works just know that it does. Always get my downloads and other stuff that gives me a response. There are several browser addons that will give you a fake IP that the internet sees. I have tested that everyone only sees the fake IP by going to different sites that tells you what your IP is. All of them show the fake IP not the real one. Don't bother testing anymore.
In your case, it /should/ be quite easy. For the sake of argument, assume that the only traffic you see on wlan0 is between you and your default gateway. Kick of a download: all the traffic on wlan0 is going to/from either 198.143.153.42 or 108.178.54.10, or both. The proportion of which is indicated by the length of the bar next to the IP address. There are plenty of other ways you could work this out, but this is the quickest way for this specific task.
If we assume that all tunnels are split to one degree or another, then we need a new name for the commonly used 'split tunnel'. I suggest, in honour of Caver1, that we call these 'tabbed' tunnels.
Tip: 'killall vpn1click' may do the trick here and is less cumbersome [you'll need to sudo that if you're not root].
A bug perhaps? Perhaps the last time you ran it, it didn't delete that route, and then the next time you ran it, you connected to a different server of theirs, hence the two static host routes?
What you're saying *ONLY* applies to a split tunnel. The OP asked about a full tunnel. There's some aspect of 'full tunnel' that you're not getting, like the 'fullness' of it.
Caver1 is pissing himself laughing at the amount of effort you are putting into earnestly re-explaining VPNs to him. If he didn't get it the first 20 times then it seems unlikely that attempt #21 is going to work.
I think I see where the train left the tracks. You don't send traffic "to a VPN". You establish a VPN connection, and then you simply send traffic. If the VPN is a full tunnel, everything goes into the tunnel. If it's a split tunnel, certain traffic goes into the tunnel and the rest doesn't, based on your routing table. The VPN provider injects routes into your routing table to control what goes into the tunnel and what doesn't.
Again, for clarity: You don't send traffic to a VPN. You simply send traffic, just as you always do.
Char Jackson wrote, on Sat, 06 Sep 2014 13:30:53 -0500:
I am thoroughly confused by *every* answer from Caver1, almost as if he's trying to confuse me, on purpose.
What his answer seems to be saying is that the ISP, from the ISP's own home (or whatever), can "see" yahoo, google, etc. But, that's a dumb question if that's what he thought I had asked.
I was asking if "I" were on the VPN we've discussed, which appears to be a full-vpn solution (http://216.185.105.35/vpnoneclick/), and then "I" went to google, yahoo, bittorrent, nntp, etc., could the ISP see two things:
Could the ISP see that I went to those domains?
Could the ISP see what port I was going to?
Caver1 says yet. Char says no. I would hope that Char is right.
You're probably right. Oh well, it was an otherwise slow day and I learned a few things. I now know that there's no such thing as a split tunnel, that a split tunnel and a full tunnel are the same thing and behave exactly the same way, that a VPN is tied to the browser tab that spawned it, and that fake IPs can actually be useful.
It's all a load of crap, of course, but it was new crap, and I always enjoy new things.
That's a distinct possibility. He's using a combination of gibberish, laced with an actual true statement now and then, so it could be intentional. That wouldn't be very nice, but it happens.
You already know my answer. It hasn't changed. :-)
it does not, your other posts to date do not esplain how it works, they only make claims about its behaviour that do not match how all the VPS ever ever heard about work.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.