Comodo v6x As Selective VPN Kill Switch

Ok, I have looked at and it is NOT applicable for this.

I want to selectively kill the connections for specific programs when my VPN is not active (or drops off).

I cannot configure it for a specific VPN IP as my VPN uses multiple IPs, and I do not want to kill the whole internet connection.

The way my VPN works, is that it installs an additional TAP adapter, and BOTH are active when the VPN is connected - I get my “normal” named internet connection (which lists as Internet access), as well as an addition “Unidentified network” (which lists as No internet access).

There is a YouTube video that shows how to do it when you have a static VPN IP, but not when the IP is variable.

Thanks for any assistance! :slight_smile:

An easy approach ( rather than messing up with Comodo rules) is to get VPN Watcher from UGD Software:


Interesting, and not badly priced.

I’ll give the free version a try and post back.

(Would still also like to know how to do it with Comodo, as a backup) :slight_smile:


Program is a nice start, but you have to configure it for each possible VPN connection (and my VPN is not one of the pre-configured VPNs). Since my VPN has multiple servers in multiple locations, this would be a real pain to configure :frowning:

I have 5 VPN servers (L2TP); first I manually connect to one and when the connection is established I start VPN Watcher which will check if there is A (ANY) VPN CONNECTION ESTABILISHED and will start all applications associated.

If the VPN connection is lost , the associated programs will be terminated ( or suspended in paid version )


VPN Watcher does not appear to automatically see my VPN connection, whether I start it up and then connect, or start it up while already connected.

Either you have an older, or a different version of it. My screens do not look like that.

If I add a program, then close VPN Watcher, when I re-start it it shows the status of that program as EXITED - even though the program is still running.

As, so far, this program appears to be giving conflicting information, I feel I cannot trust it.

Might a simpler approach not be to put a block rule in for each application restricting it from using your normal IP network and only allow the VPN IP range?

This doesn’t disable/kill the application, but if your true intention is to only allow communication through the VPN IP Range, this certainly sounds like the simpler solution.

Use Comodo to shape the network traffic, not application execution/termination.

As I mentioned in the first post, my VPN uses multiple IPs at multiple locations (literally several dozen, and growing) - creating a rule for every potential IP is an impossibility.

I’m NOT trying to terminate any app, I want the TRAFFIC to an app blocked.

I found some older posts, and I guess Comodo hasn’t yet either found a way, or bothered to find a way, to block uTP connections.


Comodo’s job as a firewall is to allow you to shape the traffic… so it’s best/only means to help you achieve what you want is to create a ruleset including your VPN servers DHCP ranges… then tell your VPN only applications to use the one ruleset. (do all the work in the ruleset, not per application)

I also use a TAP VPN solution, and the vendor I use provided a software client to install on the desktop. It lists all the servers that I can choose between, and also included the functionality to start/terminate a list of applications as the VPN was opened/closed.

Creating restrictions that stop communication is all Comodo can do… what you are asking for can be done and has been done by clients provided by some VPN providers… if your provider doesn’t do it, suggest it as an enhancement, switch providers, or use 3rd party tools like claudiub suggested.

Believe me, I’m not the only person requesting improvements in the VPN client :frowning:

Again, I am not asking for anything that Comodo should not be able to do - they just haven’t done it yet (apparently).

Unfortunately I’m not sure what’s been done or is in planning, but I wander if a rule of type IP (not TCP or UDP) would have helped here. I know there is an option for a custom IP-based rule, maybe it can be suitable, not sure tho.

Certainly interesting territory… but I think your VPN provider really is the best provider of your solution; mine did it :wink: