
Only allow traffic going through vpn?


35 replies to this topic

#1 Deleted


Posted 13 September 2014 - 09:25 AM

Hello, I'm using privateinternetaccess and I'm wondering how to force all the traffic through the vpn. It can auto connect at start but the problem is that applications can get through and not use my vpn when it is connecting/starting up. Preferably, please:
  • Not block the vpn itself from connecting
  • Not let applications connect to the internet using my ip for a short amount of time - if it's a short time, I don't care about this one as much.
  • Not basically turn off firewall protection when I'm connected
  • Not have to disable startup of my programs
  • Not affect everyone on my network
  • Not require two computers
I apologize for being picky. :(
 
I have already contacted their support and posted in their forums; none of those solutions were ideal.




#2 Kilroy


Posted 14 September 2014 - 11:25 AM

It will depend on your router.  On my Netgear WNDR3700v2 I can block ports for specific IP addresses.  You would assign your machine a static IP address and block all ports except the ones used by your VPN software.



#3 Deleted


Posted 14 September 2014 - 06:05 PM

> It will depend on your router.  On my Netgear WNDR3700v2 I can block ports for specific IP addresses.  You would assign your machine a static IP address and block all ports except the ones used by your VPN software.

Wouldn't other software be using the same port as my vpn? This wouldn't be disabling security for that port would it?



#4 technonymous


Posted 15 September 2014 - 01:56 AM

The VPN service that you use is likely only allowing web traffic. If you were to pipe everything through the VPN it would kill their servers. IE: something like p2p bit torrent traffic. I am not saying it isn't possible because there are bit torrent specific VPN services as well on the internet. Any sort of thing like this would have to be enabled and configured on the server side to masquerade the traffic properly. Now if you were at a remote location and ran your OWN vpn server you could route the traffic as you please and tunnel right on through to your network and access file shares and the whole 9 yards. Remember VPN, proxy, socks5 or whatever is going to kill the speed of your internet because it's going through a middle man server so things are going to be slower. They probably wouldn't even allow video streaming like from Netflix.

Edit: If the service does allow such traffic then each program would have to be set up to go through the proxy. I guess they do allow traffic. I found this tidbit of how to proxifier every program. However, things like this would likely be puke slow. It depends on the bandwidth on the server side. https://www.privateinternetaccess.com/forum/index.php?p=/discussion/284/proxifier-a-working-example-windows-guide#Item_17


Edited by technonymous, 15 September 2014 - 02:27 AM.


#5 Kilroy


Posted 15 September 2014 - 05:28 AM

This solution would only work on the network with the router you set up, so it wouldn't work when you are traveling.  Other software could use the same ports as your VPN software, but it is highly unlikely as there are 65535 possible ports.



#6 Deleted


Posted 15 September 2014 - 07:55 AM

> This solution would only work on the network with the router you set up, so it wouldn't work when you are traveling.  Other software could use the same ports as your VPN software, but it is highly unlikely as there are 65535 possible ports.

I see, thank you. But as I asked before, will it be disabling security for that port? Would the D-Link DIR-868L be capable of doing what you said to do?



#7 Kilroy


Posted 15 September 2014 - 08:07 AM

It doesn't disable security for that port.  It prevents your machine from using any ports except the VPN ports.  This would mean that you could not even browse the Internet or get e-mail without connecting to your VPN.  All of your Internet access would have to go through your VPN.  I don't know anything about your modem; you would need to look in your router configuration to check your port forwarding and blocking options.
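
Added example, not part of any post in this thread: the per-machine port block Kilroy describes, written as iptables rules for a Linux-based router firmware that exposes iptables (an assumption about the router). The function names `is_ipv4` and `vpn_only_rules`, the LAN address 192.168.1.50, the server address 203.0.113.10 and UDP port 1194 (the OpenVPN default) are constructed placeholders; use the values your VPN client actually connects with.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules confining ONE LAN host to its VPN.
# All addresses and the port below are constructed placeholders.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# vpn_only_rules LAN_IP PROTO PORT [VPN_SERVER_IP ...]
# Validates everything first so a typo never yields a half-written rule set.
vpn_only_rules() {
    [ "$#" -ge 3 ] || return 1
    lan_ip=$1 proto=$2 port=$3
    shift 3
    is_ipv4 "$lan_ip" || return 1
    case "$proto" in udp|tcp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    for server in "$@"; do is_ipv4 "$server" || return 1; done

    # -I with explicit positions puts these ahead of the firmware's own
    # FORWARD rules, which usually accept LAN-to-WAN traffic early.
    pos=1
    if [ "$#" -eq 0 ]; then
        # Port-only form, as described in the thread: any destination host.
        echo "iptables -I FORWARD $pos -s $lan_ip -p $proto --dport $port -j ACCEPT"
        pos=$((pos + 1))
    else
        # Stricter form: only the listed VPN servers are reachable.
        for server in "$@"; do
            echo "iptables -I FORWARD $pos -s $lan_ip -d $server -p $proto --dport $port -j ACCEPT"
            pos=$((pos + 1))
        done
    fi
    # Everything else this host tries to send through the router is dropped;
    # other LAN machines never match -s and are unaffected.
    echo "iptables -I FORWARD $pos -s $lan_ip -j DROP"
}

# Constructed sample: static LAN address, OpenVPN's default UDP port, one server.
vpn_only_rules 192.168.1.50 udp 1194 203.0.113.10
```

Called without a server address, the function emits the port-only rule, which still lets any program on that machine reach that port on any host; listing the VPN server addresses narrows it. iptables filters IPv4 only, so a LAN with IPv6 enabled needs matching ip6tables rules.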



#8 Wand3r3r


Posted 15 September 2014 - 12:54 PM

The whole idea of using a vpn service is to have ALL of your traffic go through the vpn service.  Their servers really aren't doing any more than authenticating the vpn connection to then pass all traffic out their servers.  Filtering is done on the inbound net traffic.

You have a couple of options:

1. Configure your router's WAN port to use the vpn service for connection.  Some routers have this ability natively and others need dd-wrt to do so.

2. Have the vpn software autostart on boot up and set all other program starts to manual so as to not have them access the internet until after the vpn service connection.



#9 Deleted


Posted 15 September 2014 - 05:52 PM

> It doesn't disable security for that port.  It prevents your machine from using any ports except the VPN ports.  This would mean that you could not even browse the Internet or get e-mail without connecting to your VPN.  All of your Internet access would have to go through your VPN.  I don't know anything about your modem; you would need to look in your router configuration to check your port forwarding and blocking options.

So just to confirm, this whole process will not lower my security? Where do you recommend looking for directions on blocking all ports my vpn does not use for my router?

 

Would something like "Access control", "Network filter", "Application rules", or "Routing" help?


Edited by Deleted, 15 September 2014 - 05:55 PM.


#10 technonymous


Posted 16 September 2014 - 04:13 AM

On basic routers it's just VPN passthrough check boxes. More advanced routers or ones using DDWRT firmware can be set up to connect to the vpn in the router itself. They have a tutorial there showing how to do that. If you scroll all the way to the end you will see examples there how to set up a router that has DDWRT or Tomato firmware. https://www.privateinternetaccess.com/pages/client-support/



#11 Deleted


Posted 16 September 2014 - 07:53 AM

> On basic routers it's just VPN passthrough check boxes. More advanced routers or ones using DDWRT firmware can be set up to connect to the vpn in the router itself. They have a tutorial there showing how to do that. If you scroll all the way to the end you will see examples there how to set up a router that has DDWRT or Tomato firmware. https://www.privateinternetaccess.com/pages/client-support/

How do I know which firmware my router has? Wouldn't making the router use the vpn affect everyone on my network?


Edited by Deleted, 16 September 2014 - 04:34 PM.


#12 technonymous


Posted 16 September 2014 - 06:44 PM

 

> > On basic routers it's just VPN passthrough check boxes. More advanced routers or ones using DDWRT firmware can be set up to connect to the vpn in the router itself. They have a tutorial there showing how to do that. If you scroll all the way to the end you will see examples there how to set up a router that has DDWRT or Tomato firmware. https://www.privateinternetaccess.com/pages/client-support/
>
> How do I know which firmware my router has? Wouldn't making the router use the vpn affect everyone on my network?

Not sure what your model, make, version is. You would have to read on the bottom of the router. Some routers can be flashed with a DDWRT or Tomato firmware, which has all the bells and whistles and has more advanced VPN options. Your router may or may not be able to use DDWRT or Tomato; it depends on make, model, version, how much flash memory it has. By installing DDWRT there is a risk of bricking the router. I was just adding more to Wand3r3r's comment about it. Yes, it would affect everyone on the network. That is probably something you do not want to attempt to do. Most basic routers just have VPN passthrough options. So each machine would have to set up the Windows VPN client. Not sure if you set up a VPN connection yet in Windows? That's how you would connect to your VPN server.



#13 Deleted


Posted 17 September 2014 - 07:58 AM

 

 

> > > On basic routers it's just VPN passthrough check boxes. More advanced routers or ones using DDWRT firmware can be set up to connect to the vpn in the router itself. They have a tutorial there showing how to do that. If you scroll all the way to the end you will see examples there how to set up a router that has DDWRT or Tomato firmware. https://www.privateinternetaccess.com/pages/client-support/
> >
> > How do I know which firmware my router has? Wouldn't making the router use the vpn affect everyone on my network?
>
> Not sure what your model, make, version is. You would have to read on the bottom of the router. Some routers can be flashed with a DDWRT or Tomato firmware, which has all the bells and whistles and has more advanced VPN options. Your router may or may not be able to use DDWRT or Tomato; it depends on make, model, version, how much flash memory it has. By installing DDWRT there is a risk of bricking the router. I was just adding more to Wand3r3r's comment about it. Yes, it would affect everyone on the network. That is probably something you do not want to attempt to do. Most basic routers just have VPN passthrough options. So each machine would have to set up the Windows VPN client. Not sure if you set up a VPN connection yet in Windows? That's how you would connect to your VPN server.

I see, thank you. My apologies, I do not want it to affect everyone on my network; I'd like it to just affect the computers that I configure to only use my vpn. Again, sorry.



#14 Deleted


Posted 20 September 2014 - 05:05 PM

> It will depend on your router.  On my Netgear WNDR3700v2 I can block ports for specific IP addresses.  You would assign your machine a static IP address and block all ports except the ones used by your VPN software.

Will this do what you are explaining? If so, which method(s) will work?



#15 Deleted


Posted 26 September 2014 - 04:27 PM

Anyone?





