I would like to know if it's possible to force a VPN connection. A VPN connection works great until something happens and it drops. The second this happens, your computer automatically activates your default network. Is there a way to force a VPN connection and disable the use of the default network if the VPN connection drops?
The best way apparently is to do some firewall tweaking, but I've tried and I can't get anything to work.
Imagine having two networks: one is the default and one is the VPN. The default network is only allowed to obtain an IP (on reboot, for example) from your ISP and to talk with the VPN server to create a connection. This way, when the VPN connection does drop for any reason, nothing could happen on your default network until your connection is re-established with the VPN server.
The VPN network, on the other hand, should have all rights to run programs and whatnot. The second the VPN connection drops, every program would be blocked and would never get through your default network.
I hope I'm making some sense here about what I'm trying to achieve. Is this possible, and how exactly would I proceed? I've gone through Google for many hours and I'm not the only one looking for a solution. The problem with this is that the replies/help on this subject are very, very scarce! The best solution I've seen so far is using a firewall. I can't set up my firewall (Comodo) for this without some help/guidance from someone who knows how this works.
I am going to answer my own question.
There is a firewall named Sygate Personal Firewall (2004); it's old and looks really horrible. However, it stands out quite a bit from Comodo/ZoneAlarm. What makes SPF so special is that it allows the user to select a network device to apply a rule to.
For example, let's say you want to surf safely and use a P2P client. All this is great as long as you have a working VPN connection. If this connection were to drop, Windows will instantly switch to your default network interface. This means that everyone can see who you are the second this happens, so much for the VPN.
SPF gives you the option, when creating an advanced rule, to bind the rule to a network interface. For example, if we want mIRC blocked on the default interface, we block it. However, we allow it on the VPN interface. If you try to use mIRC on the default interface, nothing will happen, since it's blocked from the internet. When you connect to your VPN service, mIRC starts to run normally, under the safety of the VPN. If you were to drop the connection to the VPN service, SPF would automatically block mIRC instantly, since it detects the network interface being changed to the default.
A piece of wonder. I hope someone else got some ideas how to block a program from using the default network interface and only be allowed to run when a VPN connection is established.
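The design asked for in the question (default interface may only do DHCP and reach the VPN server; everything else only through the tunnel) and the per-program, per-interface rule described in the answer above can both be built with the firewall that ships with Windows, driven from PowerShell. This is an added example and not code from the thread, from Comodo or from Sygate. Windows Firewall has no MAC-address condition, so the rules below bind to the adapter by its interface alias instead; that is a substitute for the MAC-based rules discussed in this thread. The adapter alias, server address, protocol/port and the mIRC path are assumptions that must be changed to match the real setup.

```powershell
# Added example (not from the thread): a VPN "kill switch" with Windows Firewall with Advanced
# Security, using the NetSecurity cmdlets (Windows 8 / Server 2012 and later).
# Run from an elevated PowerShell prompt. Every value marked "assumed" must be adapted.

$VpnAdapter = 'VPN Adapter'                           # assumed: tunnel adapter alias, see (Get-NetAdapter).Name
$VpnServer  = '203.0.113.10'                          # assumed: VPN server IP (an IP, not a hostname: DNS is blocked below)
$VpnProto   = 'UDP'                                   # assumed: OpenVPN-style tunnel; PPTP would need TCP 1723 plus -Protocol 47 (GRE)
$VpnPort    = 1194                                    # assumed
$ChatClient = 'C:\Program Files (x86)\mIRC\mirc.exe'  # assumed: program to confine to the tunnel

# 1. Deny everything in both directions on every profile. This is the behaviour the question
#    asks for: when the tunnel is gone, no program can fall back to the default interface.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. The built-in "Core Networking" group still allows DNS out on any interface, which would
#    leak queries to the ISP resolver the moment the tunnel drops. Turn those rules off.
Get-NetFirewallRule -DisplayGroup 'Core Networking' |
    Where-Object { $_.DisplayName -like '*DNS*' } |
    Disable-NetFirewallRule

# 3. On the physical ("default") interface allow only what brings the tunnel up:
#    DHCP, so the machine still gets an address from the ISP after a reboot...
New-NetFirewallRule -DisplayName 'KS Allow DHCP out' -Direction Outbound -Action Allow `
    -Protocol UDP -LocalPort 68 -RemotePort 67
#    ...and the VPN client talking to the VPN server. Nothing else matches, so nothing else gets out.
New-NetFirewallRule -DisplayName 'KS Allow tunnel to VPN server' -Direction Outbound -Action Allow `
    -Protocol $VpnProto -RemoteAddress $VpnServer -RemotePort $VpnPort

# 4. On the VPN adapter allow everything out. The rule is bound to that adapter only, so when the
#    connection drops the traffic no longer matches it and the default Block from step 1 applies.
#    For a Windows built-in VPN (PPTP/L2TP/SSTP/IKEv2) -InterfaceType RemoteAccess can be used
#    instead of -InterfaceAlias.
New-NetFirewallRule -DisplayName 'KS Allow all via VPN adapter' -Direction Outbound -Action Allow `
    -InterfaceAlias $VpnAdapter

# 5. Alternative to step 4, one program at a time, which is what the Sygate rule in the answer does:
#    mIRC is allowed out only through the VPN adapter. With the default Block that is its only path,
#    so it works while the tunnel is up and is cut off the instant the tunnel drops.
New-NetFirewallRule -DisplayName 'KS mIRC only via VPN' -Direction Outbound -Action Allow `
    -Program $ChatClient -InterfaceAlias $VpnAdapter

# Check: list the kill-switch rules and the effective defaults.
Get-NetFirewallRule -DisplayName 'KS *' | Format-Table DisplayName, Enabled, Direction, Action
Get-NetFirewallProfile | Format-Table Name, DefaultInboundAction, DefaultOutboundAction

# Undo, restoring the Windows defaults:
# Get-NetFirewallRule -DisplayName 'KS *' | Remove-NetFirewallRule
# Get-NetFirewallRule -DisplayGroup 'Core Networking' | Where-Object { $_.DisplayName -like '*DNS*' } | Enable-NetFirewallRule
# Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
```

Two things to verify after applying this: disconnect the VPN and confirm that a browser cannot load anything and that `nslookup` fails (the DNS rules from step 2 are what stops the quiet leak), then reconnect and confirm name resolution goes to the resolver the VPN hands out. Because the tunnel rule in step 3 matches on the server's IP address, a client configured with a hostname will fail to connect until that name is put in the client configuration as an address or a DNS allow rule scoped to the VPN provider's resolver is added.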
You are able to create rules for the MAC address of a network interface. I used Sygate Personal Firewall Pro for a very long time. COMODO really doesn't have such a useful function. But with rules based on MAC, I could solve such a problem. I have rules to allow uTorrent and mIRC on the "local network" (MAC of the local network interface) and rules to block on the VPN (MAC of the VPN connection; it doesn't change even after rebooting in my case, but gets its IP via DHCP).
So, via MAC you are able to “choose” between “NICs” =)
Is there a way I can get the MACs for the different network interfaces? I can see the MACs in SPF, but there must be other ways to see them, like using the command prompt?
Sorry, that was easier than I thought: `ipconfig /all`. I should have seen that. Thank you for your help!
Maybe a silly question, but does the MAC ever change for any reason, or is it always the same?
MAC = hard-coded hardware ID, never changes.
Originally, the MAC really was a hard-coded hardware ID, without changes and without duplicates across any NICs that ever existed.
But that is not entirely true =) You are able to change the MAC by using some programs or even the network driver.
So, if you don't use any such utilities, then you can be sure it never changes.
I've played around with this the whole morning and it doesn't work.
You can't allow internet access to one MAC and block it from using another. I tried this with Firefox; it just doesn't start at all. Even if you create several different checks, it'll just end up with Comodo totally ignoring your rules and asking you what to do.
The only program I managed to get to work was ping. Not sure why it works with that and nothing else; could be that it's very simple.
As for Global Rules, since you can't add a program to them, they're next to useless. Otherwise you could allow svchost/system IP access, but anything else would be blocked unless it was using the correct MAC. If those two applications don't have access, you won't even get your IP from your ISP.
I've looked through the rules and everything and I still don't get it. Basically, any application set to allow IP in/out has full access to the internet. Why doesn't Comodo allow me to add a block for one MAC and allow another MAC? Maybe I just don't get it.
Like I said earlier, the only application I managed to complete this on was the ping service. At top priority I blocked its access to the default MAC (IP request in/out). Below that I added full access to IP requests. When I logged on to the VPN network I could use ping. However, when I disconnected it stopped working. Any attempt to duplicate this on another application would fail.
I am very open for any advice how to proceed.
First of all - tell us Firewall Mode (Custom, Safe, etc.)
Other point: my rules for uTorrent (I want to connect with my LAN peers, but block traffic via VPN):
I defined Network Zone named LANMAC as MAC of LAN
After that I Created 2 Rules for uTorrent
1 - Allow tcp in/out Source LANMAC Dest ANY Source Port ANY Dest Port ANY
2 - BLOCK IP Source ANY Dest ANY IP ANY
It works. Even in Safe Mode. No new Rules appeared after that.
Unfortunately, you cannot get the MAC of a Microsoft VPN connection (PPTP).
Earlier I talked about rules for the MAC of the VPN; that's not true. My mistake.