Hotspot Shield Routing

In a Sciencetext post entitled Hide WiFi Behind a Hotspot Shield, I previously discussed how you can use that program to protect yourself from security threats while using public wireless access points in coffee shops, libraries and other public amenities. It also lets you hide traffic from your internet service provider, although that’s a different matter.

Richard Roma posted a follow-up comment asking: “Do you know of a way to utilize Hotspot Shield without it taking over the whole computer; restricting it to only work on a designated port?”

I didn’t, but IT professional Naveed Ahmad did and responded with a detailed approach to controlling which IPs are routed uniquely through Hotspot Shield. Here’s what he had to say.

Hotspot Shield is software to create a Virtual Private Network (VPN) on your computer that changes the route your internet traffic takes through the network. So, after connecting through Hotspot VPN, web browsing or any type of application’s traffic like MSN Messenger, Yahoo Messenger, BitTorrent traffic etc. is routed through the Hotspot Shield network, in encrypted format. It is not a matter of network ports. It’s all about how the route is changed.

The concept is this: you have to clear the following routes:

Network Destination    Netmask      Gateway       Interface      Metric
0.0.0.0                128.0.0.0    10.7.144.1    10.7.144.59    11
128.0.0.0              128.0.0.0    10.7.144.1    10.7.144.59    11

Note down the gateway IP “10.7.144.1” that will be used again to add a persistent route.

With the following CLI commands:
prompt>route delete 0.0.0.0 mask 128.0.0.0 10.7.144.1
prompt>route delete 128.0.0.0 mask 128.0.0.0 10.7.144.1

Now all your internet traffic is routed through your normal network connection as it was before connecting to Hotspot Shield. To route a specific website or any application traffic through Hotspot, you then need to add a persistent route.

For example: for Pandora.com the IP address is 66.151.149.78

Add a persistent route using the gateway IP “10.7.144.1” that you noted previously.

prompt>route -p add 66.151.149.78 mask 255.255.255.255 10.7.144.1

That’s it, now all traffic for Pandora.com will be routed through Hotspot VPN.

You can verify this by running tracert (the trace route command, or an equivalent program) for Pandora.com from a command prompt under Windows:

C:\Users\naveed>tracert pandora.com
Tracing route to Pandora.com [66.151.149.78]
over a maximum of 30 hops:
1 3 ms 1 ms 1 ms [10.7.144.1]

If you hadn’t added this route after clearing the Hotspot VPN route, the tracert result would look like this:

C:\Users\naveed>tracert pandora.com
Tracing route to pandora.com [66.151.149.78]
over a maximum of 30 hops:
1 3 ms 1 ms 1 ms mygateway1.ar7 [192.168.1.1]

192.168.1.1 will be your normal local gateway IP address on your computer without the Hotspot VPN running. To verify how other network traffic is being carried, try this:

C:\Users\naveed>tracert yahoo.com
Tracing route to yahoo.com [68.180.206.184]
over a maximum of 30 hops:
1 326 ms 351 ms 292 ms 192.168.1.1

You can find the IP addresses for any domain using the command nslookup so that you can create a persistent route for them like this:

C:\Users\naveed>nslookup pandora.com
Server: mygateway1.ar7
Address: 192.168.1.1
Non-authoritative answer:
Name: pandora.com
Address: 66.151.149.78

C:\Users\naveed>nslookup blog.pandora.com
Server: UnKnown
Address: 10.7.144.1
Non-authoritative answer:
Name: blog.pandora.com
Address: 66.151.149.79

Ahmad has created a customized program (an exe file) to do all this automatically, so leave a comment if you wish to find out more or need any additional help, or email him at Hotmail username naveed004.
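
The route selection behind the commands above, as an added example that is not part of the original post and is not Ahmad's program: a small Python model of longest-prefix matching showing why the two 128.0.0.0-mask routes capture all traffic, and which addresses stay outside the tunnel once they are replaced by a single host route. The 0.0.0.0/0 default route via 192.168.1.1 and every metric other than 11 are assumptions.

```python
import ipaddress

VPN_GW = "10.7.144.1"   # Hotspot Shield gateway noted in the post
LAN_GW = "192.168.1.1"  # normal local gateway seen in the tracert output

def route(dest, mask, gateway, metric):
    """Build one routing-table entry from 'route print' style fields."""
    return (ipaddress.ip_network(f"{dest}/{mask}"), gateway, metric)

def delete(table, dest, mask):
    """Model 'route delete <dest> mask <mask>': drop the matching entry."""
    net = ipaddress.ip_network(f"{dest}/{mask}")
    return [r for r in table if r[0] != net]

def next_hop(table, ip):
    """Gateway chosen for ip: longest matching prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in table if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

# Table while the VPN is connected. The /0 default route is assumed; the two
# /1 routes are the ones listed in the post and are more specific than /0.
connected = [
    route("0.0.0.0", "0.0.0.0", LAN_GW, 25),      # assumed default route
    route("0.0.0.0", "128.0.0.0", VPN_GW, 11),
    route("128.0.0.0", "128.0.0.0", VPN_GW, 11),
]

# The two 'route delete' commands, then 'route -p add' for one host (/32).
split = delete(delete(connected, "0.0.0.0", "128.0.0.0"),
               "128.0.0.0", "128.0.0.0")
split.append(route("66.151.149.78", "255.255.255.255", VPN_GW, 1))  # metric assumed

if __name__ == "__main__":
    hosts = {"pandora.com": "66.151.149.78",
             "blog.pandora.com": "66.151.149.79",
             "yahoo.com": "68.180.206.184"}
    for label, table in (("VPN connected", connected), ("split routes", split)):
        for name, ip in hosts.items():
            print(f"{label:14} {name:17} {ip:15} -> {next_hop(table, ip)}")
```

The host route covers exactly one address, so blog.pandora.com at 66.151.149.79 leaves through the normal gateway, unencrypted by the VPN, unless it gets its own route.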
