How to determine and control the extent of data passing through a VPN connection?

VPNs have two main routing modes:

  • Full tunnel - All network traffic is routed through the VPN
  • Split tunnel - Network traffic for specific ranges is sent through the VPN, but general Internet traffic is not.

Many corporate VPNs operate in full tunnel mode to give their network team more control. For example, you can only browse the Internet through the corporate filtering proxy. Some VPN clients go to great lengths to enforce full tunnel mode, and some laptops are configured so there is no direct Internet access at all, and you have to connect to the VPN to do anything.

A simple way to investigate is to browse to whatsmyip.org and see whether this is your home or work IP address. Or you can use the "route" command to view the routing table. Look for the default route (0.0.0.0) - and see if the default gateway is your local router, or the VPN endpoint. You can also use network monitors (e.g. nettop on Linux; Windows Task Manager has a simple one) to monitor the amount of traffic going through the VPN. It's not so easy to monitor the non-VPN traffic, as the local interface traffic includes the encrypted VPN tunnel.

A common scenario is that your VPN is configured in full-tunnel mode, and you want split-tunnel. If you have control over the VPN software you can configure it to perform split tunnelling, e.g. with OpenVPN look at the redirect-gateway configuration option. If your VPN client is locked down, then a good option is to run the VPN within a Virtual Machine. That VM will operate in full-tunnel mode, but network traffic from the host (or other VMs) will not.
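The routing-table check above can be scripted. The following is an added example, not code from the answer above: it reads Linux `ip route show` output and classifies it as full-tunnel, split-tunnel or no-VPN, and lists which prefixes go through the tunnel. It assumes the VPN interface is named `tun0` (override with the `VPN_IF` environment variable) and the route dumps embedded below are constructed samples. One caveat it handles that a bare "look at the default route" check misses: OpenVPN's `redirect-gateway def1` does not replace the default route but adds `0.0.0.0/1` and `128.0.0.0/1` routes via the tunnel, which win by longest-prefix match. In that case the default route still points at your local router even though every packet goes through the VPN.

```shell
#!/bin/sh
# Added example (not from the original answer): classify a Linux routing table.
# Assumption: the VPN interface is tun0 unless VPN_IF is set; input is `ip route show` format.
VPN_IF="${VPN_IF:-tun0}"

# classify_routes reads `ip route show` output on stdin and prints one of:
#   full-tunnel   default route, or the 0.0.0.0/1 + 128.0.0.0/1 pair, goes via the VPN interface
#   split-tunnel  only specific prefixes go via the VPN interface
#   no-vpn        nothing is routed via the VPN interface
classify_routes() {
    awk -v vpn="$VPN_IF" '
        { dst = $1; dev = ""; for (i = 1; i <= NF; i++) if ($i == "dev") dev = $(i + 1) }
        dev == vpn && (dst == "default" || dst == "0.0.0.0/0") { full = 1 }
        dev == vpn && dst == "0.0.0.0/1"   { lo = 1 }   # OpenVPN redirect-gateway def1 halves
        dev == vpn && dst == "128.0.0.0/1" { hi = 1 }
        dev == vpn { n++ }
        END {
            if (full || (lo && hi)) print "full-tunnel"
            else if (n > 0)         print "split-tunnel"
            else                    print "no-vpn"
        }'
}

# vpn_prefixes prints every destination prefix that is routed via the VPN interface.
vpn_prefixes() {
    awk -v vpn="$VPN_IF" '
        { dev = ""; for (i = 1; i <= NF; i++) if ($i == "dev") dev = $(i + 1) }
        dev == vpn { print $1 }'
}

# Constructed sample route tables (not captured from a real host).
# 1. Client whose default route was replaced by the VPN.
SAMPLE_FULL='default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.5 via 192.168.1.1 dev wlan0'

# 2. OpenVPN "redirect-gateway def1": default route untouched, but /1 halves cover everything.
SAMPLE_DEF1='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23
203.0.113.5 via 192.168.1.1 dev wlan0'

# 3. Split tunnel: only the VPN subnet and one corporate range go through tun0.
SAMPLE_SPLIT='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
10.10.0.0/16 via 10.8.0.1 dev tun0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

# 4. No VPN up at all.
SAMPLE_NONE='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

printf 'replaced default route : %s\n' "$(printf '%s\n' "$SAMPLE_FULL"  | classify_routes)"
printf 'redirect-gateway def1  : %s\n' "$(printf '%s\n' "$SAMPLE_DEF1"  | classify_routes)"
printf 'split tunnel           : %s\n' "$(printf '%s\n' "$SAMPLE_SPLIT" | classify_routes)"
printf 'no vpn                 : %s\n' "$(printf '%s\n' "$SAMPLE_NONE"  | classify_routes)"
printf 'split-tunnel prefixes  : %s\n' "$(printf '%s\n' "$SAMPLE_SPLIT" | vpn_prefixes | tr '\n' ' ')"

# Run against the live routing table with: sh this_script.sh --live
if [ "${1:-}" = "--live" ]; then
    ip route show | classify_routes
    ip route show | vpn_prefixes
fi
```

On Windows the equivalent raw data comes from `route print` or `Get-NetRoute`, where the interface index rather than a `dev` name identifies the tunnel adapter; the same logic applies, including the `0.0.0.0/1` and `128.0.0.0/1` trick. Note that the host route to the VPN server itself (`203.0.113.5` via the local router in the samples) is expected even in full-tunnel mode, since the encrypted tunnel packets must leave via the physical interface.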