I would be very curious to know a solution about this very theoretical question, any ideas?

:Thanks

There's probably an app for that.
Here's a few tips and a few apps after a quick googling around: link

Ok, I thought I had figured it out...

but this isn't quite working yet...

No risk of any packets getting anywhere other than via the VPN, and it requires no monitoring program...

Simply change your DNS servers to the VPN ones before connecting to iPlayer or whatever (there's programs to do this)

If the VPN disconnects you can't access anywhere on the internet... but you can still reconnect the VPN to reconnect as long as your connection uses IP address rather than host name
(ping host name will give you the IP address, just be aware that this might change so if you can't connect any time check it again)...

This program will change your DNS servers on the fly:

http://www.askvg.com/change-dns-settings-on-the-fly-using-dns-jumper/

To find out your DNS server details (ISP and VPN) in Windows start a command prompt and type:

ipconfig /all

PS might be worth testing you can't access your VPN's DNS servers without the VPN connection before relying on this... They shouldn't be public... but just in case you have a not so good VPN...

PPS I'll test it tomorrow by disconnecting the VPN and checking what happens...

[update] stops internet and GT but then after a few seconds they can connect again...

Maybe a trick on routes configuration will do. If you use OpenVPN for example, and issue the command: "route print" on console you will see this

Try remove the entry with red arrow with "route DEL" command(i think). OpenVPN creates a new interface that is used to encrypt all the traffic you send to out of your subnet at home. To force the traffic go trough that interface it adds to your route table the entry's with blue arrows. (It works because is given priority to the entry's with higher subnet mask for a same network destination). If you delete red arrow entry, and close openvpn, you can't connect to internet because there is no route. (entrys created by openvpn(including blue arrows) are automatically deleted and you had manually deleted the red arrow)

Looks like a possibility, but I tried deleting the route, then disconnected my VPN and I could still access the internet...

Also having a problem using the DNS method, it stops internet connection but then reopens it a few seconds later...

evil

Back to the drawing board, I think there may be some mileage in the routing table so I'll have a play with that next.

Do not use DCHP. maybe thats the problem. Use fixed IP in tcp/ip properties

It works for me. I tested with PPTP and OpenVPN.

1-Connect your VPN
2-remove the 0.0.0.0 entry for your default gateway(my case 192.168.1.1)
the command to remove that exact entry is: "route delete 0.0.0.0 192.168.1.1"
3-turn off vpn. it should be no internet.

to reset, you can just add the entry again, but its easier to go to tcp/ip properties and fill 192.168.1.1 on gateway.

Are you using Vista?
It works in XP, but not Vista. It seems that vista manages to put the deleted route back into the routing table and so after a few seconds reconnects via the ISP.

For Vista what I have done is drop the 0.0.0.0 route

route delete 0.0.0.0 192.168.1.1

Then added 3 routes

First I've added the IP of my VPN server host (xx.xx.xx.xx) so that I can reconnect to it even when the 0.0.0.0 route is removed

route add xx.xx.xx.xx mask 255.255.255.255 192.168.1.1 metric 1

Then I've added two routes for the ISP DNS ip's and directed them to a non existent ip address to prevent them from working

route add 192.168.4.100 mask 255.255.255.255 192.168.1.254 metric 1
route add 192.168.8.100 mask 255.255.255.255 192.168.1.254 metric 1

This seems to stop Vista finding an alternate route (and re-adding the 0.0.0.0 entry when the VPN disconnects)

So by placing these 4 route commands in a bat file (run with administrator privileges) I can set the PC to only be able to access the internet via the VPN connection.

This only needs doing once as the VPN can be reconnected without changing any routing and then carry on...

I think your static ip address might also work, I'll check that out later.

If you add your vpn hostname ip then you won't need to worry about re adding/removing the 0.0.0.0 entry or setting the gateway each time.

Im using Win7. maybe dhcp is responsible for re-adding of the "0.0.0.0 192.168.1.1" route. By your settings, you seem to trick windows to not dhcp rediscover, because the routes for all the requested ip's are there. But for example if you put in your browser a random public ip(with vpn turned off) it may trigger dhcp rediscover to find route?

I'm a MUPPET


I had my DNS server IP address set manually on the network adapter which is probably why it was able to resolve names without the 0.0.0.0 route

I've set that to obtain automatically and it seems to work now...
so just remove the 0.0.0.0 route and add a route for your VPN

Maybe add the VPN route permanently with -p you can then just remove/add 0.0.0.0 depending if you want to force VPN or not.

Thanks for your help

Have written it up on my blog if anyone wants step by step instructions

This seems to be a problem. I hope there is a way when you get disconnected to your current VPN connection, another will replace it right away and like having a few seconds interval. It won't hurt the account if that's the case.

I use OpenVPN, but don't have any idea if it is possible.