Allow application to use VPN connection only

Hello there,

I have a standard Windows PPTP VPN connection which I use for some applications. Sadly, sometimes the VPN disconnects and then data will be sent unsecured over my regular connection. So I am now looking for a firewall that is able to define rules in a way that an application is only allowed to use the VPN connection and sending traffic over my regular connection is blocked (in case the VPN connection crashes again). Is Comodo able to set up some rules like:

“allow eMule to use the pptp VPN connection”
“block eMule from using the regular LAN connection”

and what exactly would those rules look like?

Thanks for helping,

Thomas Serail

Sorry to write this in English, but sadly I don’t speak Italian. (I came across this thread using the Google translation feature.)

My question is: Is Relakksboy’s workaround (that yeiazel posted) still necessary to use Relakks with Comodo, since it was originally posted November 23 as a workaround for a bug that was fixed with the latest Comodo 3.0.14.276, released on December 12!
(Release note CFP 3.0.14.276: VPN Clients can now connect to VPN servers)
So do you still need this workaround, even if you have the latest Comodo 3.0.14.276 installed?

Hi,

I think that this problem applies only to VPN Relakks, and possibly for other types of VPN the problem should be resolved by the last update.

Since a user (gero) pointed out persistent problems with Relakks even after the last update, this solution was proposed by Relakksboy, which I reported here.

Do you also have problems with Relakks or with VPN in general?

Yes, I am looking for a way to allow an application to use the Relakks VPN connection only, but not the regular connection!

(See my post here: https://forums.comodo.com/help_for_v3/allow_application_to_use_vpn_connection_only-t17373.0.html)

I am sorry, but I cannot say.
Maybe you should try using that rule and replacing “Windows Operating System” with the application you want to use.

I don’t think this works, since eMule doesn’t establish a GRE connection, it just uses the tunnel that Windows provides! eMule itself sends TCP/UDP protocol packets.
Maybe defining a zone, containing the Relakks Gateway address helps (eMule: allow → zone: relakks) or is “Zone” identical with “IP-Range”, so this would just mean that eMule can now only send packets addressed to the relakks site itself (which would be pretty silly, since I am sure there is no eMule client running on the relakks servers :wink: )?

Sorry, but if there aren’t other emule users on VPN Relakks, what is this useful? :stuck_out_tongue:

??? ??? ??? ???

What is the problem? If you don’t understand, ask…

“what is this useful” ?
I don’t understand what you mean …
“If there aren’t other e-mule users on VPN relakks” … what do you mean ?
FYI : other people don’t need to use relakks for you to be able to connect to them,
unless something (Comodo v3) is messing with the VPN .

Relakks is a VPN provider for anonymous internet, basically like a universal proxy.
You connect to Relakks to connect to the world, using a Swedish IP.

Unlike a lot of people who talk nonsense before they understand, when I do not understand something, I ask before answering coherently.
I do not have prescience, and above all English is not my language.

When I asked what was “useful”, I wanted to understand why, given that I have never used eMule with Relakks.

FYI: If you were in possession of this information, you could have answered Thomas_Serail rather than argue with me.
Or at least you could have explained to me the way that eMule can be used with Relakks for a secure VPN connection, without being ironic.

Relakks is a VPN provider for anonymous internet, basically like a universal proxy. You connect to Relakks to connect to the world, using a Swedish IP.

BTW Thomas_Serail, thanks, now I have understood what you meant.

I found these settings you can try with Relakks, but the site is in Italian and you should use a translator:

Wiki - Relakks-Firewall

About VPN Relakks, it is said that most of the disconnections are also due to:

  1. Problems internal to the Relakks server;

  2. Likely disconnections on the ISP side. A large attack from IANA Reserved and IANA Multicast was also noted with PeerGuardian when a VPN and P2P connection dropped.

Thanks yeiazel, I have looked into that site, but sadly it is only a tutorial on how to completely block non-VPN traffic from your PC, using Comodo – but not an application-specific solution.

However, in the meantime I found a solution myself. I created two application-specific rules for eMule that allow it to use the VPN only in case you are on a LAN:
First Rule: Block IP In/Out From In[your network adapter’s name] To IP Any Where Protocol Is Any
Second Rule: Allow IP In/Out From IP Any to IP Any Where Protocol Is Any

But this only works if you are connected to the internet using a router. I think the exact rule that allows an application to use the VPN connection only would be:
First Rule: Allow IP Out From In[Relakks] To IP Any Where Protocol Is Any
Second Rule: Allow IP In From IP Any To In[Relakks] Where Protocol Is Any
Third Rule : Block IP In/Out From IP Any To IP Any Where Protocol Is Any

This should do the trick, although I can’t test it myself, since I am using Windows 2000 and can’t run Comodo v3 myself. I did the v3 job for a friend who is using Windows XP; this was also the reason why I asked if Comodo is capable of allowing VPN only, since I couldn’t try it out myself.
But I’d also like to set up these rules (allow eMule to use a Relakks VPN connection only) here at home with Windows 2000. I got v2.4 running here but it’s not powerful enough for this task, since the application-specific rules of v2.4 don’t know an “Allow IP In/Out From: Source” command.

Is there any “Windows 2000 hack/fix” for v3? Since Windows 2000 (NT 5.0) and Windows XP (NT 5.1) are extremely similar and there was always a way to run “XP only” software under Windows 2000 so far, I even got Crysis running here without trouble using the “Crysis Windows 2000 fix”! I guess the Comodo v3 installer just has a built-in check that checks if you are not running XP or Vista and then aborts the installation.

Anyway - here is a little tutorial in case some of you guys also want to allow an application to use Relakks only:

  1. Create a new network zone, called “Relakks” and define it as
    “a range of IP addresses” where you put in the address range
    of your VPN provider. In case of Relakks this is 83.233.168.0 -
    83.233.183.255.
    (My Network Zones => Add => Name: Relakks;
    A range of IP addresses: 83.233.168.0 - 83.233.183.255
    )

  2. Then choose the application you want to allow to use Relakks
    in the firewall’s advanced “Application Rules” tab, remove all the
    old rules which are assigned to this application and add
    three new rules:

    First add this rule:
    Allow; IP; Out; Source: Zone: “Relakks”; Destination: Any;
    Protocol: Any;
    Second add this rule below the first one:
    Allow; IP; In; Source: Any; Destination: Zone: “Relakks”;
    Protocol: Any;
    Third add this rule below the second one:
    Block; IP; In/Out; Source: Any; Destination: Any; Protocol: Any;

Note: The order in which the rules are placed upon one another is important!
So, there should now be three rules (and only these three) listed below your application:

Top: Allow IP Out From In[Relakks] To IP Any Where Protocol Is Any
Middle: Allow IP In From IP Any To In[Relakks] Where Protocol Is Any
Bottom: Block IP In/Out From IP Any To IP Any Where Protocol Is Any
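
The intended logic of the three rules in the tutorial above, modelled as an added example (not part of the original post and not Comodo's own rule engine). It assumes rules are evaluated top-down with the first match deciding; the function names and the sample addresses 83.233.170.25, 192.168.1.20 and 198.51.100.7 are constructed for illustration.

```python
from ipaddress import ip_address

# Relakks address range quoted in the tutorial (zone "Relakks").
RELAKKS = (ip_address("83.233.168.0"), ip_address("83.233.183.255"))

# (action, direction, source zone, destination zone); None means "Any".
# Listed top to bottom, as in the tutorial.
RULES = [
    ("allow", "out", RELAKKS, None),
    ("allow", "in", None, RELAKKS),
    ("block", "in/out", None, None),
]

def in_zone(addr, zone):
    """True if addr lies inside the zone's range; a zone of None matches any address."""
    if zone is None:
        return True
    low, high = zone
    return low <= ip_address(addr) <= high

def decide(rules, direction, src, dst):
    """Return the action of the first rule matching the packet (assumed first-match order)."""
    for action, rule_dir, src_zone, dst_zone in rules:
        if (direction in rule_dir.split("/")
                and in_zone(src, src_zone)
                and in_zone(dst, dst_zone)):
            return action
    return "no match"

def evaluate_samples(rules):
    """Run constructed sample packets for the application through the rule list."""
    vpn_ip = "83.233.170.25"   # constructed: local address while the VPN is up
    lan_ip = "192.168.1.20"    # constructed: local address on the regular LAN
    peer = "198.51.100.7"      # constructed: remote peer (documentation range)
    return {
        "out via VPN address": decide(rules, "out", vpn_ip, peer),
        "out via LAN address": decide(rules, "out", lan_ip, peer),
        "in to VPN address": decide(rules, "in", peer, vpn_ip),
        "in to LAN address": decide(rules, "in", peer, lan_ip),
    }

if __name__ == "__main__":
    for name, action in evaluate_samples(RULES).items():
        print(f"{name}: {action}")
    # With the Block rule on top, nothing is ever allowed: order matters.
    print(evaluate_samples(list(reversed(RULES))))
```

In this model, traffic sourced from the LAN address falls through both Allow rules and hits the final Block rule, which is the behaviour wanted when the VPN drops.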

The rules from the last post didn’t work.
Also, this Italian wiki didn’t work.
I’ve tried for days now and can’t get it to work.
Can anyone check these suggested rules, or does anyone have working rules?

Thanks in advance!

@yeiazel …
I wasn’t being ironic, I really wasn’t sure that I understood what you meant so instead
of guessing I used the “confused” smiley. Looking at it I can see that it looks more like an
angry smiley or something… sorry :slight_smile:

I have some rules that do what the OP asks but they are for version 2.4 and for the BitTorrent client
Azureus, so I don’t think they are useful, but they are much like what Thomas_Serail came up with.
Another thing you could do: many applications can bind to a specified NIC but it doesn’t seem like eMule has this option (or I can’t find it :wink: ).