How to ensure Internet access is only via VPN


Solution 1

4) Firewall. Might be a viable option, but http://www.purevpn.com/win7-firewall.php says

Note: Torrents programs are an exception to this - For torrents this method is only 99% effective leaving 1% chance of data leak.

I'm not sure why that is and the page doesn't give details, but it's a bit worrying.

PureVPN's suggested settings use port-based blocking. This may let some traffic through, as remote torrent clients can listen on any port they want.

If you use IP-based blocking instead (or both), that flaw is eliminated.

Solution 2

Definitely the 4th option - but ideally firewall on your router rather than the PC. I could not find the reference to the data leak, but it sounds like a lot of FUD to me. (It could also be to do with DNS lookups leaking that you are looking up a particular domain name and these being trapped. The key here is to ensure DNS requests also go through the VPN - if you are worried about DNS leaking information about you.)
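As an added example (not from either answer or from PureVPN), here is the default-deny, IP-based Windows Firewall policy that both answers point at, written as netsh advfirewall commands for Windows 7. The VPN server address 203.0.113.10, the port UDP/1194 and the tunnel range 10.8.0.0/24 are placeholders; replace them with your provider's values.

```powershell
# Run from an elevated command prompt or PowerShell window on Windows 7.
# Placeholders (assumptions, replace with your own values):
#   203.0.113.10   - public IP of the VPN server
#   udp / 1194     - protocol and port the VPN server listens on
#   10.8.0.0/24    - address range the VPN assigns to the tunnel adapter

# 1. Default deny in both directions on every profile. Nothing leaves the
#    machine unless a rule below allows it, so a dropped VPN means no traffic
#    instead of a silent fallback to the real gateway.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 2. Allow the tunnel to be built: only the VPN server's IP and port are
#    reachable over the physical link. Matching on the remote IP, not only
#    the port, closes the "any port" gap described in Solution 1.
netsh advfirewall firewall add rule name=VPN-Server dir=out action=allow protocol=udp remoteip=203.0.113.10 remoteport=1194

# 3. Keep DHCP working so a lease refresh does not take the link down.
netsh advfirewall firewall add rule name=DHCP-Client dir=out action=allow protocol=udp localport=68 remoteport=67

# 4. Allow everything whose local address is in the tunnel's range, i.e.
#    traffic that goes through the VPN adapter. DNS gets no rule of its own,
#    so lookups can only travel inside the tunnel (the DNS point in Solution 2).
netsh advfirewall firewall add rule name=VPN-Tunnel-Out dir=out action=allow localip=10.8.0.0/24
netsh advfirewall firewall add rule name=VPN-Tunnel-In dir=in action=allow localip=10.8.0.0/24

# 5. Verify: every profile should show BlockOutbound, and the four rules
#    above should be listed and enabled.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all
```

Windows Firewall is stateful, so the outbound allow rules also admit the replies to those connections; no separate inbound rule is needed for the VPN handshake.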


Author: EM0

Updated on September 18, 2022

Comments

  • EM0
    EM0 over 1 year

    I have a Windows 7 machine with a regular wired Internet connection, configured via DHCP. It has a VPN connection set up. How can I ensure that Internet access is allowed only over the VPN? That is, before the VPN is connected I want there to be no access to the Internet (except to the VPN server). If it disconnects or fails for any reason I want there to be no access as well.

    I've already read the guides on this and there seem to be basically 4 answers, none of which work reliably for me:

    1) Run some software that detects when the VPN disconnects and block Internet access. I don't want to rely on this, even if it mainly works. I want a "secure by default" solution.

    2) Remove the default route that goes via the real gateway. This almost works, except that sometimes (not all the time) when the VPN disconnects that default route has magically re-appeared. Perhaps it happens during a DHCP refresh, I'm not sure.

    3) Add a fake default route that goes via a non-existent gateway, with a lower metric than the real default route. This didn't work for me. The route is added, but before I connect to the VPN I still have Internet access. route print shows this:

    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0          1.2.3.1        1.2.3.123    276
              0.0.0.0          0.0.0.0  192.168.198.250    192.168.198.1     22
    

    where 1.2.3.1 stands for my real gateway and 192.168.198.250 is a fake gateway on a VMware adapter. It uses the real gateway even though the fake metric is lower. I've also tried adding a fake gateway on the real network, but its metric always ends up higher - the "metric" parameter of route add seems to be relative to the interface metric.

    4) Firewall. Might be a viable option, but http://www.purevpn.com/win7-firewall.php says

    Note: Torrents programs are an exception to this - For torrents this method is only 99% effective leaving 1% chance of data leak.

    I'm not sure why that is and the page doesn't give details, but it's a bit worrying.

    • ganesh
      ganesh about 11 years
1) How are you going to establish the VPN if you have no access to the Internet? Add a specific route to the VPN's address? 2) Is setting up a VPN on the router an option? No need to mess with the local PCs. Or for them to mess up.
    • EM0
      EM0 about 11 years
      1) Yes, I mean "no access except to the VPN server" - edited. 2) It's an option, but I'd prefer a more general solution that can work on any Windows PC connected to the Internet in any (reasonably standard) way.
    • EM0
      EM0 about 11 years
      Thanks, Dennis, looks like firewall is a 4th option. I've edited the question.
  • EM0
    EM0 about 11 years
Thanks, that makes sense - they should have said so on the page.
  • EM0
    EM0 about 11 years
    OK, I'll give it a try. Agree that router is better, if possible. If I'm using a laptop at some wireless hotspot, though, I suppose Windows Firewall will have to do - unless there is some better option?
  • EM0
    EM0 about 11 years
    Accepting this (firewall) as the answer, but I'll probably use it in combination with removing the default route - it's easy enough to do and it's just an extra level of safety.