Permitting only PPTP web traffic

Comodo Internet Security - CIS Firewall Help - CIS
#1

I’ve purchased a VPN package that connects over PPTP, I’d like to make it where only traffic going through the VPN works. If the connection is lost, I want my internet access to be cut off.

Now, I’ve read several threads here on setting this up, but it always seems to be a WAN. Something like accessing files on a local computer. So my program connects only to this single ip.

I honestly don’t understand what the problem is. My traffic is going through the VPN. Checking my ip over a browser returns the VPN’s ip. But if I set up rules to allow only traffic to the VPN’s gateway and ip range(along with DNS server), and block everything else, it just blocks everything. I followed exactly as laid out by Ronny here

Let’s say I’m going to go to yahoo.com Comodo doesn’t seem to see the request as going to my VPN’s ip range. Rather than 208.xxx.xxx.xxx it sees 24.xxx.xxx.xxx and blocks it… Yet it actually does go through 208, it doesn’t go directly to 24.

The only thing I can think is Comodo monitors traffic before it reaches the connection redirect? Like the network connection states “Point all traffic here->208” but Comodo looks at the traffic before it reaches that point in the network and see the traffic unshaped?

I’m either dense, or this is impossible and I’m not sure which :stuck_out_tongue:

#2

Typically, svchost will perform all DNS queries on behalf of other processes and applications, so if you want an application to perform it’s own DNS queries against a specific DNS server, you’ll have to disable the DNS client service in services.msc and create individual DNS rules for each application.

#3

DNS isn’t the problem. That’s why I used Ips as an example.
Whether I set up these rules network wide or for a single application, access to any ip that isn’t the VPN is blocked.
I can’t access comodo.com even if I try going to http://91.199.212.176
It’s still blocked.

#4

Can you tell us exactly what rules you have configured so from both Application and Global. Also, do you have a requirement to access LAN resources in addition to Internet traffic via VPN. It might also be helpful to know which provider you have signed on with.

The problem I foresee with this is that, at least based on assumption is, you’re connecting to your ISP, then creating the VPN to the provider? This being the case, if you try to divert all traffic down the VPN you will not be able to maintain connectivity with the ISP.