How to Always / Only Use VPN Connection and block ISP - Make applications only use VPN Connection.
This tutorial will explain you how to use Windows Firewall to block non-VPN traffic for selected applications, e.g. your torrent client, a browser, download manager, etc.
VPNs are great for added security when using the Internet - but what about when the VPN drops or disconnects? Unfortunately, if you use Windows (any version), any running application (for example, BitTorrent, your browser) will revert to using your ISP connection, exposing your IP address and opening you up to security and privacy issues. This is of particular concern when using a VPN to secure a public wi-fi spot. Windows will not prevent traffic in the event of a disconnect.
There are many guides found online to prevent this using third-party firewalls such as [[Comodo Firewall|Comodo], or using a third-party applications such as VPNetMon or VPNCheck (neither of which I know anything about, and cannot speak to their reliability or safety).
This guide will show you how to configure Windows 7 Firewall to block any specified application (I have used Firefox as an example - but you can pick any application, e.g. utorrent or your preferred torrent client) from using your ISP connection, and permit it to connect the the Internet using only the VPN connection. Users who are unfamiliar with the basic aspects of Windows 7 Firewall may wish to consult this guide. Unfortunately, this will not work with the built-in firewall in Windows XP or Vista.
If the method described below does not work for you (or perhaps you don't want to mess with your firewall, or you use Windows XP / 2000 / Vista / Mac OS X), consider using a VPN that offers a client with IP Binding, which will prevent any selected application(s) from accessing the Internet in the event of an unexpected disconnection.
HideMyAss! offers PPTP, L2TP and OpenVPN, and a client that can bind all network traffic to the VPN connection.
Preliminary Considerations:
1. If you use an antivirus program such as avast! that has a Web Shield / Filter that passes HTTP traffic through an antivirus/malware scan, you may want to consider this post.
2. The IPv6 functionality in Windows 7 can also leak IP information - you may wish to disable it - see the guide here.
3. After you complete the steps in this guide, you may want to consider adding a rule to block all traffic that does not match a rule to the Domain profile. See the guide here.
4. If you want to create these rules for one user account, and maintain less strict rules for another user account, please see this post.
5. If you are blocking a torrent application such as uTorrent, you'll want to disable uTP, DHT, UPnP, Local Peer Discovery and IPv6.
Steps:
1. Connect to your VPN as you normally would.
2. Open the Network and Sharing Center - right-click on the Internet connection icon in the taskbar and choose "Open Network and Sharing Center" (see below)
3. You should see (at least) two networks listed under "View Your Active Networks" - your VPN connection and one called "Network" - a.k.a. your ISP Connection. Ensure that your VPN is a "Public Network", and your ISP connection is "Home Network". If you need to change either connection, click it and an option window will appear (see below).
4. Go to the Control Panel and click System and Security (see below).
5. In the resulting window, click Windows Firewall (see below).
6. In the Windows Firewall window, click Advanced Settings on the left pane (see below).
Note: You must be logged in as an Adminstrator to make changes to the Firewall Settings.
7. You should see a window titled Windows Firewall with Advanced Security. In this window, click Inbound Rules (see below).
8. On the right pane, you will see an option for a New Rule. Click it (see below).
9. In the New Inbound Rule Wizard (which should appear), do the following:
10. Repeat Step 9 for Outbound Rules.
When all of the above steps are complete, you should test the configuration. Run the application you made the rule for, and test that it is working when the VPN is connected. Start a download, and then disconnect from the VPN. If all is configured properly, the download should die immediately as the firewall will immediately block it from using your ISP-assigned IP address. If you wish to monitor traffic closely, use TCPView
Repeat step 9 and 10 for other applications you want IP binding to be enabled with, e.g. your browser, download manager, a game, etc.
This tutorial will explain you how to use Windows Firewall to block non-VPN traffic for selected applications, e.g. your torrent client, a browser, download manager, etc.
VPNs are great for added security when using the Internet - but what about when the VPN drops or disconnects? Unfortunately, if you use Windows (any version), any running application (for example, BitTorrent, your browser) will revert to using your ISP connection, exposing your IP address and opening you up to security and privacy issues. This is of particular concern when using a VPN to secure a public wi-fi spot. Windows will not prevent traffic in the event of a disconnect.
There are many guides found online to prevent this using third-party firewalls such as [[Comodo Firewall|Comodo], or using a third-party applications such as VPNetMon or VPNCheck (neither of which I know anything about, and cannot speak to their reliability or safety).
This guide will show you how to configure Windows 7 Firewall to block any specified application (I have used Firefox as an example - but you can pick any application, e.g. utorrent or your preferred torrent client) from using your ISP connection, and permit it to connect the the Internet using only the VPN connection. Users who are unfamiliar with the basic aspects of Windows 7 Firewall may wish to consult this guide. Unfortunately, this will not work with the built-in firewall in Windows XP or Vista.
If the method described below does not work for you (or perhaps you don't want to mess with your firewall, or you use Windows XP / 2000 / Vista / Mac OS X), consider using a VPN that offers a client with IP Binding, which will prevent any selected application(s) from accessing the Internet in the event of an unexpected disconnection.
HideMyAss! offers PPTP, L2TP and OpenVPN, and a client that can bind all network traffic to the VPN connection.
Preliminary Considerations:
1. If you use an antivirus program such as avast! that has a Web Shield / Filter that passes HTTP traffic through an antivirus/malware scan, you may want to consider this post.
2. The IPv6 functionality in Windows 7 can also leak IP information - you may wish to disable it - see the guide here.
3. After you complete the steps in this guide, you may want to consider adding a rule to block all traffic that does not match a rule to the Domain profile. See the guide here.
4. If you want to create these rules for one user account, and maintain less strict rules for another user account, please see this post.
5. If you are blocking a torrent application such as uTorrent, you'll want to disable uTP, DHT, UPnP, Local Peer Discovery and IPv6.
Steps:
1. Connect to your VPN as you normally would.
2. Open the Network and Sharing Center - right-click on the Internet connection icon in the taskbar and choose "Open Network and Sharing Center" (see below)
3. You should see (at least) two networks listed under "View Your Active Networks" - your VPN connection and one called "Network" - a.k.a. your ISP Connection. Ensure that your VPN is a "Public Network", and your ISP connection is "Home Network". If you need to change either connection, click it and an option window will appear (see below).
4. Go to the Control Panel and click System and Security (see below).
5. In the resulting window, click Windows Firewall (see below).
6. In the Windows Firewall window, click Advanced Settings on the left pane (see below).
Note: You must be logged in as an Adminstrator to make changes to the Firewall Settings.
7. You should see a window titled Windows Firewall with Advanced Security. In this window, click Inbound Rules (see below).
8. On the right pane, you will see an option for a New Rule. Click it (see below).
9. In the New Inbound Rule Wizard (which should appear), do the following:
 |
 |
 |
 |
10. Repeat Step 9 for Outbound Rules.
When all of the above steps are complete, you should test the configuration. Run the application you made the rule for, and test that it is working when the VPN is connected. Start a download, and then disconnect from the VPN. If all is configured properly, the download should die immediately as the firewall will immediately block it from using your ISP-assigned IP address. If you wish to monitor traffic closely, use TCPView
Repeat step 9 and 10 for other applications you want IP binding to be enabled with, e.g. your browser, download manager, a game, etc.
No comments:
Post a Comment