Only allowing VPN

I have set up the following rules to force my PC to access the internet through a VPN service:

Allow VPN: Allow, TCP or UDP, In/Out, with Destination Address of IPv4 Single Address of the VPN’s IP.
Allow Tunnel: Allow, TCP or UDP, In/Out, with Source Address of the Network Zone for the VPN.
Allow Home Network: Allow, TCP or UDP, In/Out, with Destination Address of IPv4 Address Range 192.168.0.1 to 192.168.255.255.
Block All: Block, TCP or UDP, In/Out

This works if I run the OpenVPN client and establish the connection. THEN start the firewall and use my web browser. If my VPN connection drops (I test this by disconnecting OpenVPN) then nothing on my PC can access the internet. Which is what I want.

When I reconnect to the VPN, I am unable to browse the web; however, I do see that applications like Skype are working. This leads me to suspect that my web browser is unable to use DNS.

Basically, if I start my firewall before establishing the VPN connection, I am unable to browse the web. Any clue what’s causing this?

Is your DNS server local on your ‘Home network’?

The only thing on my home network is 2 laptops and a dlink wireless router. I guess I should have clarified that this is a home network.

Yes, but is your DNS server(s) config pointing to local IPs, or are you using non-local IPs to resolve names? In that case you need to add those to a permit rule also.

How do I check my DNS config? In case it’s relevant, I use Windows 7 and I’m using OpenVPN for my VPN client.

Fastest would be to open a command box and type

ipconfig /all

and then look for “DNS Servers . . . . . . . . . . . :”

I ran ipconfig /all. It’s a little confusing to me because I see 2 lines that start with “DNS Servers…”
I see:

Ethernet adapter Local Area Connection 2:
DNS Servers . . . . . . . . . . . : 10.8.0.1

Ethernet adapter Local Area Connection:
DNS Servers . . . . . . . . . . . : 192.168.0.1

The first one looks like it’s my VPN, and the second one looks to be local.

Are both IPs or ranges allowed in your firewall setup?

Perhaps not.
My home network zone is set with the following range:
192.168.0.100/255.255.255.0

Is this blocking 192.168.0.1 DNS server?

No, it should not: your network is 192.168.0 and the hosts are .1 to .255 in the last part of the IP with that subnet mask 255.255.255.0.
A clean notation of the rule would be 192.168.0.0/255.255.255.0, which would allow all of 192.168.0.0 to 192.168.0.255.

The browser might not like losing connections and/or dynamic switching of DNS servers. Does this also happen if you close the browser and then restart it?
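To make the rule-order and subnet questions in this thread concrete, here is an added Python model of the four rules as a first-match list (this is example code written for this page, not anything from the original posters or from a firewall product). It assumes a constructed VPN endpoint address of 203.0.113.10 and a tunnel zone of 10.8.0.0/24, and it assumes the firewall evaluates rules top to bottom and stops at the first match; a real firewall's matching semantics may differ. It then checks which DNS servers from the thread (192.168.0.1 on the LAN, 10.8.0.1 over the tunnel) get through, and normalizes the 192.168.0.100/255.255.255.0 zone to clean network notation as the reply suggests.

```python
"""Model a first-match firewall rule set and check which DNS resolvers it lets through.

Added example for this thread; the VPN endpoint, tunnel zone and query
addresses below are constructed values, not taken from the original posts.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

IPv4Net = ipaddress.IPv4Network


def networks_from_range(first: str, last: str) -> List[IPv4Net]:
    """Convert an inclusive 'first to last' address range, as the firewall GUI
    expresses it, into the equivalent list of CIDR networks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def normalize_zone(zone: str) -> str:
    """Turn host/netmask notation such as 192.168.0.100/255.255.255.0 into the
    clean network notation 192.168.0.0/24 (strict=False masks off the host bits)."""
    return str(ipaddress.ip_network(zone, strict=False))


@dataclass
class Rule:
    name: str
    action: str                            # "allow" or "block"
    src: Optional[List[IPv4Net]] = None    # None means "any source"
    dst: Optional[List[IPv4Net]] = None    # None means "any destination"

    def matches(self, src_ip: ipaddress.IPv4Address, dst_ip: ipaddress.IPv4Address) -> bool:
        src_ok = self.src is None or any(src_ip in n for n in self.src)
        dst_ok = self.dst is None or any(dst_ip in n for n in self.dst)
        return src_ok and dst_ok


def first_match(rules: List[Rule], src: str, dst: str) -> Rule:
    """Return the first rule whose source/destination constraints match (assumed semantics)."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for rule in rules:
        if rule.matches(s, d):
            return rule
    raise ValueError("no rule matched; a rule set should end with a catch-all")


# Constructed assumptions: the VPN server's public address and the tunnel zone.
VPN_SERVER_IP = "203.0.113.10"
TUNNEL_ZONE = ipaddress.ip_network("10.8.0.0/24")

# The four rules from the thread, in the order they were listed.
RULES = [
    Rule("Allow VPN", "allow", dst=[ipaddress.ip_network(VPN_SERVER_IP + "/32")]),
    Rule("Allow Tunnel", "allow", src=[TUNNEL_ZONE]),
    Rule("Allow Home Network", "allow",
         dst=networks_from_range("192.168.0.1", "192.168.255.255")),
    Rule("Block All", "block"),
]

# Constructed DNS queries: (label, source address of the PC, resolver address).
QUERIES = [
    ("LAN resolver before VPN", "192.168.0.100", "192.168.0.1"),
    ("tunnel resolver over VPN", "10.8.0.6", "10.8.0.1"),
    ("public resolver without VPN", "192.168.0.100", "198.51.100.53"),
    ("VPN endpoint handshake", "192.168.0.100", VPN_SERVER_IP),
]


def dns_verdicts(rules: List[Rule], queries) -> Dict[str, Tuple[str, str]]:
    """Map each query label to (name of the matching rule, its action)."""
    verdicts = {}
    for label, src, dst in queries:
        rule = first_match(rules, src, dst)
        verdicts[label] = (rule.name, rule.action)
    return verdicts


if __name__ == "__main__":
    print("zone 192.168.0.100/255.255.255.0 ->", normalize_zone("192.168.0.100/255.255.255.0"))
    for label, (name, action) in dns_verdicts(RULES, QUERIES).items():
        print(f"{label:32s} {action:5s} via '{name}'")
```

The public-resolver case lands on "Block All": a non-local DNS server only gets through if it has its own permit rule, which is exactly the point the reply makes. The tunnel resolver 10.8.0.1 is only reachable because the source address falls inside the tunnel zone; if that zone were defined too narrowly, the same query would also fall through to "Block All" and name resolution over the VPN would silently fail.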