
VPN only zone


Post by Camella » Fri Dec 09, 2016 1:01 pm

I want to restrict all traffic to my LAN adapter so apps are forced to use VPN.
But I'm not sure how to do this.

I made a "LAN" zone with the IP address of my LAN adapter and gave my VPN client access to this zone.
That works I think... I can connect to VPN.

All other apps should be denied access to this zone.
And as soon as VPN connects these apps should be able to connect to the "VPN" zone.
The name of this VPN network adapter is always the same. The IP is dynamic.

How do I deny apps access to LAN and permit access to VPN?
Camella
 
Posts: 2
Joined: Fri Dec 09, 2016 12:53 pm

Re: VPN only zone

Post by VistaFirewallControl » Fri Dec 09, 2016 7:01 pm

>I want to restrict all traffic to my LAN adapter so apps are forced to use VPN
>I made a "LAN" zone with the IP address of my LAN adapter and gave my VPN client access to this zone
>That works I think... I can connect to VPN

That's a bit confusing.
Your VPN client connects to a remote address beyond the LAN principally. Right?
After the VPN connection is established, the VPN client creates a new (virtual) network adapter for you.
All other apps should be enabled to access via the adapter subnetwork IPs, but not the VPN client itself.

>How do I deny apps access to LAN and permit access to VPN ?

The basic scenario is the following.
The VPN client should be enabled to connect remotely (to the VPN server at least), beyond any LAN. Otherwise there would be no VPN connection.
That gives you a new LAN with (say) an a.b.c.x IP. a,b,c or a,b (at least) should not be mutable (the IPs are determined by the VPN server).
You create a LAN zone with a.b.c.0/24 or a.b.0.0/16 addresses enabled.
The zone can then be applied to applications that you intend to allow through VPN only.

Have we missed something?
Or is your VPN server located in the LAN as well, and is it your personal VPN server?

Looking forward to hearing from you.
VistaFirewallControl
Site Admin
 
Posts: 1479
Joined: Fri Mar 27, 2009 11:25 am

Re: VPN only zone

Post by Camella » Fri Dec 09, 2016 9:15 pm

Hi, I use VPN to stay anonymous when downloading torrents and other stuff
So I don't want my download programs to use the LAN adapter when the VPN connection fails

That is what I try to do with Windows 10 firewall control

No program is allowed to use LAN except for the VPN client
All other programs should default to VPN (the other network adapter)
This VPN client gives me random IP addresses

I have it working for all existing programs with the Windows 10 firewall.
But I have to make a rule for every program.
Camella
 
Posts: 2
Joined: Fri Dec 09, 2016 12:53 pm

Re: VPN only zone

Post by VistaFirewallControl » Mon Dec 12, 2016 11:33 am

Thank you for the clarification.

>This VPN client gives me random IP addresses

Entirely random?
So you are generally disabling the (unique and persistent) physical LAN IPs instead of enabling (unpredictable) VPN IPs.
Right?


>But I have to make a rule for every program.

There are several workarounds to prevent a lot of manual clicks.

- Creating a zone with the required permissions (rule) once and assigning the zone to all involved applications. This helps to avoid inserting the rule manually many times.

- Using Settings/LANs (please see the manual for the details).
The basic idea is disabling your physical LAN in every zone with LAN* rules by a single click.
Success depends on whether your programs are set with zones based on LAN* rules.
Some zone management may be required, though.

- Using the Settings/All Applications zone.
The zone's rules are triggered after all evident per-application rules.
So you can disable the physical LAN for all applications at once with a single disabled rule.
The scenario will work fine if none of the physical LAN enabling rules is applied to applications evidently.
Just please check that physical LAN enabling rules are not applied to the through-VPN applications, otherwise the rules will be triggered first, before Settings/AllApps.

If you need more details, welcome.
VistaFirewallControl
Site Admin
 
Posts: 1479
Joined: Fri Mar 27, 2009 11:25 am
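
The rule ordering described in the last reply, modelled as an added example (not part of the thread and not the product's own code): per-application rules are consulted before the All Applications zone, so a leftover rule that enables the physical LAN for one program defeats the global block. The subnets, program names, first-match behaviour and deny-by-default outcome are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses (assumptions, not taken from the thread).
PHYSICAL_LAN = ipaddress.ip_network("192.168.1.0/24")  # physical adapter subnet
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")       # the "a.b.c.0/24" VPN zone


@dataclass(frozen=True)
class Rule:
    local_net: ipaddress.IPv4Network  # subnet of the adapter the traffic leaves through
    allow: bool


def decide(app, local_ip, per_app, all_apps):
    """First matching rule wins (assumption). Per-application rules are
    consulted before the All Applications zone, as the reply describes.
    Traffic that matches no rule is denied (assumption)."""
    addr = ipaddress.ip_address(local_ip)
    for rule in per_app.get(app, []) + all_apps:
        if addr in rule.local_net:
            return rule.allow
    return False


def leaking_apps(per_app, all_apps, vpn_client):
    """Programs other than the VPN client that can still use the physical LAN."""
    probe = str(next(PHYSICAL_LAN.hosts()))
    return sorted(app for app in per_app
                  if app != vpn_client and decide(app, probe, per_app, all_apps))


# All Applications zone: physical LAN disabled, VPN subnet enabled.
ALL_APPS = [Rule(PHYSICAL_LAN, False), Rule(VPN_SUBNET, True)]

# Hypothetical per-application rules.
PER_APP = {
    "vpnclient.exe": [Rule(PHYSICAL_LAN, True)],  # must reach the VPN server
    "torrent.exe": [],                            # relies on All Applications only
    "browser.exe": [Rule(PHYSICAL_LAN, True)],    # leftover rule, triggers first
}

if __name__ == "__main__":
    print("Bypass the physical-LAN block:",
          leaking_apps(PER_APP, ALL_APPS, "vpnclient.exe"))
```
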

