Author Topic: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects  (Read 21897 times)

coll4pqv

  • Participant
  • Joined in 2012
  • *
  • Posts: 9
Hello to all.

As far as I know, what I want doesn't exist.  But I could be wrong.  In any event, I'm excited about seeing someone here develop an easy-to-use app that will do what I want without being complicated or otherwise being a drain on PC resources.

Now, I myself don't code, as may be obvious, but would like to.  In fact, I'd love to "sit in" with the programmer and see if I can learn some basic programming.  If this is possible, and it wouldn't be too cumbersome, I'm certainly willing.

Anyway, here's the deal.

I use a personal VPN application (the one from Witopia, using OpenVPN) and find that applications on my PC (anti-virus looking for updates, DNS Crypt by OpenDNS, etc.) are gaining access to the network prior to my VPN connecting.  Additionally, I also find that these and other applications (Thunderbird, Firefox, etc.) are able to connect to the network if and when the VPN loses connectivity.

Witopia tells me that their product is doing what it's designed to do, but in so learning this I realize that the VPN is not doing for me all that I both expect and want, that being ALL traffic at ALL times being routed through the VPN.  And if the VPN is not connected, then nothing gets online.

So, what I'd like to find is an application that can, basically, block all internet traffic (internal to my network is fine) any time the VPN is not connected.

Now, having said that, there is, at least at this time, only one caveat to that.  Occasionally I will be at a location, typically a hotel/motel but even my company's own "Guest" network, which requires some authentication through a browser.  Obviously, if I'm having ALL network traffic blocked by this app I won't be able to authenticate.  So what I'm thinking would be nice is to have the app written in a way that would allow a specific browser (K-meleon, Maxthon, etc.) to have network connectivity without restriction.  So then, I'd use that browser to authenticate to that network, at which point my VPN would make its connection and then I'd be good to go.

Does that make sense?

Well, I guess at this point I sit back and see what feedback I get.  Also, if someone does know of an existing app that does what I need, or at least pretty close to it, or if there are some settings in Windows that I can enable/disable/whatever to accomplish what I want with ease, please do let me know.  I'll poke around the internet in the meantime and see what I can see.

Thanks so much for your consideration and I really look forward to this whole process.   :)

Emma

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #1 on: June 28, 2012, 12:27 PM »
Even though I'm not an expert in the matter, this seems like the kind of stuff that exists already. Looks like an outgoing firewall which allows only VPN packets out would solve it. However, you would have to disable it when connecting at a browser-based authentication site.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • Renegade Minds
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #2 on: June 28, 2012, 12:39 PM »
Even though I'm not an expert in the matter, this seems like the kind of stuff that exists already. Looks like an outgoing firewall which allows only VPN packets out would solve it. However, you would have to disable it when connecting at a browser-based authentication site.

I think I saw something on Torrent Freak about this, but I'm tired and need to get some sleep... Maybe someone can follow up...
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

coll4pqv

  • Participant
  • Joined in 2012
  • *
  • Posts: 9
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #3 on: June 28, 2012, 01:08 PM »
Even though I'm not an expert in the matter, this seems like the kind of stuff that exists already. Looks like an outgoing firewall which allows only VPN packets out would solve it. However, you would have to disable it when connecting at a browser-based authentication site.

I wondered about that myself as it would seem to be the ideal place to enable such restrictions.  I'll see what I can find; thanks.

magician62

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 178
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #4 on: June 28, 2012, 01:36 PM »
I am not sure and am unable to check this, as at present I have no active VPN, but can you not just disable your existing connection in Network and Sharing Center and create the VPN connection? (Win 7)
Why am I Magician62? Because Magician1 thru 61 were gone. :)

coll4pqv

  • Participant
  • Joined in 2012
  • *
  • Posts: 9
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #5 on: June 28, 2012, 01:52 PM »
I am not sure and am unable to check this, as at present I have no active VPN, but can you not just disable your existing connection in Network and Sharing Center and create the VPN connection? (Win 7)

Well, if I'm understanding you correctly, this suggestion would be problematic if only because then I would have no connection from the applications/OS to the outside world as I've disabled all adapters except for the VPN connection.  Actually, Witopia, and presumably other VPN providers, install their own TAP-32 interface.  So the PC's adapters (whichever one I'm using; wireless or wired) would need to be enabled to connect to the TAP which then would connect to the network.  It simply appears that the TAP-32 (a Virtual Adapter) doesn't replace a PC's NICs but is nonetheless required to connect to the VPN.

coll4pqv

  • Participant
  • Joined in 2012
  • *
  • Posts: 9
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #6 on: June 28, 2012, 01:55 PM »
Here's what I'm thinking so far.

I use the Comodo firewall.  It has a lot of configuration options.  One of them is to allow connections from such-and-such "Source Address" to such-and-such "Destination Address."  These addresses can be MAC addresses.  So I'm wondering if I can tell each application that requires network access to connect using ONLY the MAC address of the TAP.  The problem I see at this point is that the TAP installed on my system does not have a MAC address, which tells me that one is not required.  So I wonder: could I just make up a MAC address for the TAP, just as long as it doesn't match one already on my network?

Thoughts?

PhilB66

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,522
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #7 on: June 28, 2012, 06:15 PM »
Maybe this thread could be of help?

https://www.donation...ex.php?topic=25468.0

coll4pqv

  • Participant
  • Joined in 2012
  • *
  • Posts: 9
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #8 on: June 28, 2012, 06:36 PM »
Maybe this thread could be of help?

https://www.donation...ex.php?topic=25468.0

Sadly, no.   :(

But I appreciate the effort.   :Thmbsup:

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #9 on: June 28, 2012, 06:39 PM »
This is what a firewall was made for:

1) Block everything outgoing unless the source IP is a VPN IP, (eg. 10.5.4.3 or 10.5.4.*)
2) Except for the VPN software and one browser, ie. source IP = *.*.*.*
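
The two rules in the reply above, as an added example that is not part of the original thread: it uses the built-in Windows firewall cmdlets (Windows 8 or later, elevated PowerShell) instead of the Comodo firewall discussed here. The VPN range is the post's own example; both program paths and the rule names are assumed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumed values are marked.
$VpnRange  = '10.5.4.0/24'                                 # example range from the post
$VpnClient = 'C:\Program Files\OpenVPN\bin\openvpn.exe'    # assumed path
$PortalApp = 'C:\Program Files\K-Meleon\k-meleon.exe'      # assumed path
$Group     = 'VPN kill switch (example)'                   # label for the rules added here

# Outbound traffic that matches no allow rule is dropped on every profile.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# Rule 1: anything may leave if its source address is a VPN-assigned address.
# With the tunnel down, no adapter holds such an address, so nothing matches
# and the default block applies.
New-NetFirewallRule -DisplayName 'Allow out from VPN address' -Group $Group `
    -Direction Outbound -Action Allow -LocalAddress $VpnRange | Out-Null

# Rule 2: exceptions by program, from any source address. The VPN client must
# reach its server over the physical adapter; the one browser is for
# captive-portal logins before the tunnel exists.
foreach ($exe in $VpnClient, $PortalApp) {
    New-NetFirewallRule -DisplayName "Allow out: $(Split-Path $exe -Leaf)" -Group $Group `
        -Direction Outbound -Action Allow -Program $exe | Out-Null
}

# Traffic that stays on the local subnet remains allowed, as the original
# request asked ("internal to my network is fine").
New-NetFirewallRule -DisplayName 'Allow out to local subnet' -Group $Group `
    -Direction Outbound -Action Allow -RemoteAddress LocalSubnet | Out-Null

# Check: every other enabled outbound allow rule is a path around the block.
# Review this list and disable what should not bypass the VPN.
Get-NetFirewallRule |
    Where-Object {
        $_.Enabled -eq 'True' -and $_.Direction -eq 'Outbound' -and
        $_.Action -eq 'Allow' -and $_.Group -ne $Group
    } |
    Sort-Object DisplayName |
    Format-Table DisplayName, Profile -AutoSize
```

The program exception for the browser applies whether or not the VPN is up, so that browser is best kept for portal logins only.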

coll4pqv

  • Participant
  • Joined in 2012
  • *
  • Posts: 9
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #10 on: June 28, 2012, 07:20 PM »
It looks like, as others have noted, the firewall is the place to do this.  So far I've successfully blocked two applications from getting online unless the VPN is connected.

Here's what I've done (for those who are interested).

The TAP-32 Virtual Adapter that's part of the VPN package comes with no MAC address.  So I figured I could give it one, just as long as it didn't match one already on the network.  Once I did that I went into my firewall configuration screens.  Using the Comodo firewall, I went into Network Security Policy and then Application Rules. 

I set the "Action" to "Block."
I set the "Protocol" to whatever was appropriate for a given application.
I set the "Direction" to "In/Out" as I figured that would cover all the bases.
I gave it an appropriate description, something like "Force <insert app name here> To Use TAP-32."
Under "Source Address" I enabled the "Exclude" option.
I set the "Type" to "MAC Address."
I set the "MAC Address" to the one I gave the TAP-32 adapter.
I then clicked "Apply" and then, on the next screen, "Ok."

I'll note that I did not change anything under the "Destination Address," "Source Port" and "Destination Port" options.

Before I tested this out, I disconnected the VPN (TAP-32 adapter), did a "ping" of Yahoo.com to verify connectivity and then tried to get these first two applications online.  Neither was able to connect.  Once I re-enabled the TAP-32 adapter, however,  both were able to connect.

Sweet!

Now all I have to do is 1) identify all those applications for which I want to have internet access and, 2) identify which protocol they use to do so.

Now, I know that for most of you this isn't really that big of a deal.   :P  But for an 'ol fart like me, it's a big deal.   :greenclp:

Thanks to all for reading and your feedback.  It was great to have a sounding board.   :Thmbsup:

By the way, I want to be a programmer when I grow up!   ;D

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • Renegade Minds
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #11 on: June 28, 2012, 11:08 PM »
Here's the Torrent Freak link:

http://torrentfreak....-more-secure-120419/

I think that's what you're looking for.

coll4pqv

  • Participant
  • Joined in 2012
  • *
  • Posts: 9
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #12 on: June 29, 2012, 12:29 PM »
Here's the Torrent Freak link:

http://torrentfreak....-more-secure-120419/

I think that's what you're looking for.


Thanks, Renegade.

I downloaded it this morning while connected to my VPN but it said that I wasn't connected.  My PC has Vista and this developer's site didn't explicitly say it worked with Vista.  Still, I'll probably dink around with it some more and see what I can come up with.  But I'm not sure it will work as well as the firewall rules I created which were both time-consuming to make and a bit more technical than I think most users would prefer, although doing firewall rules isn't that bad.

It just seems to me that it wouldn't be that difficult to create a small app that can do exactly what I want, but then again, I'm not a programmer.

Thanks again for the link.

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,641
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #13 on: June 29, 2012, 07:14 PM »
If you were willing to pay for it, Windows7FirewallControl, (works on XP->8 ), allows you to create 'Security Zones'.

So you could just create a zone that encompasses source IPs that match your VPN IP allocation, then you just select Allow VPN zone only for any programs accessing the network.

small_zone.jpg

Haven't used Comodo in a long time but it may have something similar - a lot easier than having to specify MAC addresses.
« Last Edit: July 14, 2012, 09:08 PM by 4wd »

coll4pqv

  • Participant
  • Joined in 2012
  • *
  • Posts: 9
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #14 on: July 04, 2012, 12:58 PM »
I've been learning about and configuring Comodo to do what I want.  It works...sorta.  More reading....  :-)

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,288
  • Tell me something you don't know...
    • Renegade Minds
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #15 on: July 04, 2012, 01:05 PM »
Check out using OpenVPN rather than PPTP. Some VPN service providers support that. I just stuck it on my Mac and it seems to be pretty good. You can configure a fair bit, but the firewall thing and TF link are probably still needed.

coll4pqv

  • Participant
  • Joined in 2012
  • *
  • Posts: 9
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #16 on: July 14, 2012, 01:02 PM »
Just a "final" quick note to say thanks to everyone for the input.  I'm continuing to configure Comodo Firewall with (what appear to be) the appropriate settings and so it's working fine.  On a side note, Comodo Firewall does allow for exporting/importing the firewall's settings so I can create the rules I want and then export them, in this case to my laptop.

Thanks again for all the advice and recommendations.

skwire

  • Global Moderator
  • Joined in 2005
  • *****
  • Posts: 5,286
Re: SOLVED: App to Stop "All" Network Traffic Until My VPN Connects
« Reply #17 on: July 14, 2012, 01:08 PM »
Thanks for the update.  I'll mark this thread as solved.  =]