0

I want to make sure all traffic goes through the VPN. The VPN manager has an option to enable a "kill-switch" which cuts off the internet if the VPN is not being used; however, this feature is buggy and often gives the network adapter invalid DNS settings.

I know in Windows 7 there are ways to configure the firewall to ensure all traffic passes through the VPN, but Windows 8 changed the firewall and I don't think it's possible to do it anymore.

It's important that 100% of the traffic (or at least as much as possible) goes through the VPN, so solutions that require specifying certain programs are non-ideal (as seen here).

Please note, the instructions for how to do this on Windows 7 do not work on Windows 8 because of changes made to the firewall. From here:

In Windows 8.x things are trickier because the Network and Sharing Center does not allow you to change Network type from Home to Public. We also could not get Windows 8.1 to display our OpenVPN connection in the Network and Sharing Center.

There seem to be two techniques: use a program that blocks IP connections if VPN fails vs set firewall to route all traffic through VPN. Is one way better than the other?

5
  • @raz no it doesn't frikin work for Windows 8 and it's really too bad everyone assumes the same answer applies to Windows 8. Please up vote the question asking for Windows 8 and downvote any answers claiming the same procedure for Windows 7 works on Windows 8.
    – Celeritas
    Commented Dec 20, 2014 at 8:46
  • 1
    It was just a suggestion (the reason it's a comment). If you put what you've already tried in your question that might narrow the results.
    – RoraΖ
    Commented Dec 20, 2014 at 13:04
  • @Ramhound it is possible the OS gets confused (or tricked) into not using the VPN for everything, that's the point of a VPN kill switch and hence this question. I'm not sure I understand your point, you basically just say "set up the VPN".
    – Celeritas
    Commented Jan 12, 2015 at 7:37
  • @Ramhound if the VPN client crashes or is terminated by the user. I believe I once read sometimes the OS can simply get confused and not use the VPN.
    – Celeritas
    Commented Jan 13, 2015 at 8:41
  • @Ramhound second paragraph from the top torrentfreak.com/how-to-make-vpns-even-more-secure-120419
    – Celeritas
    Commented Jan 13, 2015 at 8:43

1 Answer

1

One way would be to discard using the Windows Firewall, which is very difficult to use for many scenarios anyway.

You could try another software firewall product, like Comodo Firewall, which has a free and a Pro version. Both can do application level rules for both inbound and outbound traffic, as well as global rules, so you could block everything except your particular VPN software, and limit the VPN to only connecting to your particular VPN provider.

Better would be to put an independent firewall between your Windows 8 box and the Internet, perhaps using pfSense running on a used/old machine or on a tiny dedicated firewall box like a Netgate, and do blocking there.

To verify, particularly with software firewalls, use a packet sniffer like Wireshark.

  • In particular, watch for DNS requests; it's not uncommon for DNS requests to go "around" the VPN if it's not set up to trap them, and should be checked for.
  • If you have dedicated hardware in the middle, do your checking there, obviously, since that shouldn't be affected by anything doing very secret things with your Windows machine.
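
The verification step in the answer above, as an added example (not part of the original answer): it scans packet rows exported from a capture taken on the physical adapter and reports anything that leaves outside the tunnel, with DNS flagged separately. The addresses, the VPN port and the `src,dst,protocol,dst_port` column layout are assumptions, and the sample rows are constructed.

```python
import csv
import io
import ipaddress

# Constructed sample: rows exported from a capture on the PHYSICAL adapter
# (not the VPN's virtual adapter). Columns: src, dst, protocol, dst_port.
SAMPLE_CAPTURE = """\
192.168.1.50,203.0.113.10,udp,1194
192.168.1.50,192.168.1.1,udp,53
192.168.1.50,198.51.100.7,tcp,443
192.168.1.50,192.168.1.255,udp,137
192.168.1.50,203.0.113.10,udp,1194
192.168.1.50,198.51.100.53,udp,53
"""

VPN_ENDPOINT = ("203.0.113.10", "udp", 1194)  # assumed VPN server (placeholder)
LOCAL_HOST = "192.168.1.50"                   # assumed address of the Windows box
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed local subnet


def find_leaks(capture_csv, vpn=VPN_ENDPOINT, host=LOCAL_HOST, lan=LAN):
    """Return outbound packets on the physical adapter that bypass the tunnel."""
    leaks = []
    for row in csv.reader(io.StringIO(capture_csv)):
        if len(row) != 4 or row[0] != host:
            continue  # skip malformed rows and anything not sent by this machine
        _, dst, proto, port = row
        port = int(port)
        if (dst, proto, port) == vpn:
            continue  # encrypted tunnel traffic to the VPN server: expected
        is_dns = port == 53
        in_lan = ipaddress.ip_address(dst) in lan
        # LAN chatter (e.g. a NetBIOS broadcast) does not leave the network, but
        # DNS sent to the LAN router does: the router resolves it outside the VPN.
        if in_lan and not is_dns:
            continue
        leaks.append({"dst": dst, "proto": proto, "port": port,
                      "kind": "dns" if is_dns else "other"})
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_CAPTURE):
        print("LEAK ({kind}): {proto} -> {dst}:{port}".format(**leak))
```

An empty result while the VPN is up, and again after the VPN client is killed, is what a working kill switch should produce.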
