Here, you're only routing traffic destined for 10.10.10.0/24 to the "tap0" interface. "tap0" is a virtual/imaginary interface that linux uses to "fake" a layer-2 connection. So in your particular case, when you send a web request to whatsmyip.com or whatever, that particular traffic is going out your normal ethernet (eth0) interface, which means the service will do a DNS lookup and see your normal, non-tunneled IP address.
If you can, use the VPN connection to SSH or telnet or remote desktop or VNC or whatever to a computer that's on the 10.10.10.x network. Then from THAT machine, do a "whatsmyip" and you should see something different, because (presumably?) that computer will have a different default route to the internet.
Note: The guidance I provide here, if you intend to follow any of it you do it at your own risk and I take no responsibility for your actions. The first thing I needed to do was...unlike how most articles I found online say that I need to ONLY remove the WAN Miniport drivers under Device Manager's Network Adapters, I actually had to remove ALL Network Adapters under there. Maybe its overkill, I dunno, its the only thing that worked for me.
How to Achieve Removal of All Network Adapters in Windows 8.1
- You need to update each one individually to an arbitrary kernel driver. I used some random Bluetooth driver at the top of the Microsoft drivers list.
- You need to right click the newly updated driver and
Uninstall
it.
Sometimes, you may find you have issues uninstalling these drivers. One issue I had was blue-screens that would happen every time I tried to uninstall a particular one of them. However, I found these tools a huge help (again, use them at your own risk). Once I followed the guide and ran WAN Miniport Repair Tool Version 2 and then ran the WAN Miniport Installer, no more bluescreens, just that it installs more devices under Network Adapters, so now you need to go through a few reboots and uninstall these drivers a few times, over and over again. Its painful and time consuming, but worth it.
If you hit the Windows key and type services.msc
, you will find, in Windows 8.1, a neat little service called Remote Access Connection Manager. This will enable some of the Miniport adapters for you. Otherwise, if they are not enabled and are hidden in Device Manager, you will not be able to update them as they will not take on another arbitrary kernel driver. Start and Stop this service at will in order to enable these drivers for updates.
Make sure to remove all drivers. Once you are done removing them all, start the Remote Access Connection Manager service again and see if you have any more faulty drivers. This time, just look for the yellow warning icons and update only the ones with these icons. Repeat this process (keep restarting the Remote Access Connection Manager until all of them no longer have the icons).
This service should only be starting the Miniport drivers, so all you should have now is the Miniport drivers and the RAS Async Adapter. I also updated and uninstalled the RAS Async Adapter at some point. I am not sure if that also required me to start a different service or not anymore (the other service was Remote Access Auto Connection Manager).
At this point, with only Miniport adapters showing, I rebooted, one last god damn time, and it worked. I was so happy I could cry (but didn't - I would never).
I had to, by the way, start hard rebooting to make things less time consuming by holding the power button, and pressing CTRL+ALT+DELETE when the "Please wait" screen in Windows came up to bypass it from going into that annoying startup options window.
Best Answer
The CheckPoint VPN client can be configured to decide which host requests flow across the VPN and what don't (instead, that traffic uses your local gateway to get out to the Internet).
From CheckPoint's manual here:
They are (probably) doing this to prevent all your non-University traffic from flowing through their Internet connection while you're connected to the VPN.
Since the CheckPoint client gets this list from the CheckPoint VPN server, the person in charge of the server-side would have to add the service's address to the allow list so that it (the VPN client) will redirect requests for that site via the VPN, making it appear that you are connecting from the University.