simplewall
simplewall copied to clipboard
henrypp
[Question] How to block all traffic when not connected to VPN and allow only when connected to VPN?
What I'd like to achieve using SimpleWall
- By default Block all traffic to all applications when not connected to VPN
- Allow Network Access to OpenVPN
- When connected to VPN [to Work Network using OpenVPN] would like to allow certain IPs / Ports - a combination of both
- When connected to VPN [to Work Network using OpenVPN] would like to block certain IPs / Ports - a combination of both
What I have tried and achieved using SimpleWall so far
- Removed Chrome [as an example browser] from the Apps with Internet Access
- Added OpenVPN Client to Apps with Internet Access and able to connect to Work VPN
- Added a User Rule Allowing Outbound Traffic to specific Remote IPs / Port [Internal Work Network IPs] combinations with Chrome selected in the Apps List [If I remove this rule, unable to access anything as Chrome is not in the Apps with Internet Access List, which is expected]
- Tried Creating another Rule Allowing Outbound Traffic to specific Remote External IPs and Ports, added VPN IP in the Local Rule [Assumed that should ensure only the traffic from the VPN assigned IP will be allowed]
Observation and Tracing on Packets Log
- Chrome is not able to access Allowed External IP
- On Packets Log, observed the Address (Local IP) is the Wifi Adaptor Assigned IP and not the VPN IP which is the reason the the rule allowing outbound traffic to the External IP from the allowed Local IP.
I'll be glad to give any additional details as required and appreciate any inputs or suggestions please
Thanks!
App version: 3.8.7 Windows version: 10.0.26100
You can remove the local default route to your router and add a route only for the vpn (which is usually added by OpenVPN already, but route to your lan still exists). Simplewall can't do routing!
This may help: https://www.privacyaffairs.com/vpn-killswitch/
PIA VPN has a kill switch. I'd assume any half-decent vpn would, but apparently not.
