What does Mac's "Send all traffic over VPN connection" do?

From Mavericks help:

Select “Send all traffic over VPN connection” to send all network traffic over the VPN connection regardless of the network service you use, such as Wi-Fi or Ethernet.

For a real-world example, if you had a VPN set up to tunnel to your corporate network over the Internet, the VPN would only send 'intranet' traffic over the VPN tunnel. So, for example, if you wanted to access http://mycompany.intranet/ this would send packets over the VPN, but accessing http://apple.com would happen outside of the VPN.

By clicking the checkbox, all traffic would go through the VPN tunnel. In practice, you may not want your personal traffic (webmail, personal web browsing, etc.) to go through your company VPN, as it would most likely be logged and it may also be slower than just using your raw internet connection.


If you want to override the VPN, you just need to add a more specific route. I route all "local" traffic after I've connected the VPN by sending this command in Terminal:

sudo route add 192.168.0.0/16 192.168.1.1

From what I can tell, checking the box in the original question simply adds a route like so:

Destination        Gateway            Flags        Refs      Use   Netif Expire
default            link#21            UCS           190        0    ppp0

Otherwise, the VPN server tells the clients what routes to add, so you might see a bunch of individual routes for the private networks or you might just see the same default route like above.

To see the routes, in Terminal, run netstat -rn, although you might want to make use of more or head to only see the important ones at the top:

netstat -rn | head -n20
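
The longest-prefix rule that both answers rely on, as an added example (not code from either answer): it parses a constructed `netstat -rn` excerpt in the column layout shown above and reports which interface a given destination would leave through. The sample table, the `10.8.0.x` tunnel addresses and the function names are assumptions.

```python
import ipaddress

# Constructed `netstat -rn` excerpt (not captured from a real host): VPN up with
# the box checked, plus the manual 192.168.0.0/16 route from the answer above.
SAMPLE = """\
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            link#21            UCS           190        0    ppp0
default            192.168.1.1        UGScI           4        0     en0
10.8.0.1           10.8.0.2           UHr             3        0    ppp0
127                127.0.0.1          UCS             0        0     lo0
192.168.0.0/16     192.168.1.1        UGSc            0        0     en0
192.168.1          link#4             UCS             2        0     en0
"""

def parse_dest(text):
    """Expand netstat's abbreviated IPv4 destination into a network object."""
    if text == "default":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, _, bits = text.partition("/")
    octets = addr.split(".")
    # Assumption: with no /len, the prefix is 8 bits per octet written
    # ("127" -> /8, "192.168.1" -> /24, four octets -> host route /32).
    prefix = int(bits) if bits else 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + f"/{prefix}", strict=False)

def parse_routes(table):
    """Return (network, gateway, netif) for each usable IPv4 route."""
    routes = []
    for line in table.splitlines():
        if line.startswith("Internet6"):
            break  # IPv4 section only
        cols = line.split()
        if len(cols) < 6 or cols[0] == "Destination":
            continue
        # "I" marks an interface-scoped route: it serves only sockets bound
        # to that interface, so ordinary traffic never selects it.
        if "I" in cols[2]:
            continue
        routes.append((parse_dest(cols[0]), cols[1], cols[5]))
    return routes

def egress(routes, ip):
    """Interface chosen for ip: the matching route with the longest prefix."""
    addr = ipaddress.ip_address(ip)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen)[2] if matches else None

if __name__ == "__main__":
    for ip in ("17.253.144.10", "192.168.5.20", "10.8.0.1"):
        print(ip, "->", egress(parse_routes(SAMPLE), ip))
```

If a destination you expect inside the tunnel resolves to `en0` here, a more specific route is carrying it outside the VPN.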