Trying to set up a VPN/P2P Kill Switch, but it still allows connections

Good day all, apologies if this is the wrong place, I didn’t see a forum for the free firewall.

I’m trying to set up a killswitch for my P2P program so that it will only allow connection to the internet through my VPN and not my general internet. I’m running Comodo Free Firewall v. 8.2.0.4792. I’ve followed the tutorial posted below but no matter what I do my P2P program will still connect to the internet even when my VPN is disconnected. The only change I made from standard other than the ones in the tutorial is I’ve set HIPS to Training Mode because it kept asking about my VPN and when I’d say yes it’d just keep asking over and over again and shutting down the VPN program.

I’m not well versed in the advanced mechanics of Firewalls so I’m a bit out of my depth here. Any help would be appreciated.

Tutorial I followed: How to Build A VPN Kill Switch On Windows Using Comodo

Thanks for your time.

Can you check all of your installed network adapters to see if COMODO Internet Security Firewall Driver is listed in the network adapter properties window and that it has a check mark in the box? Specifically the VPN adapter and the network adapter that is used for non-VPN internet.

Hi, thanks for the reply. Yes it is there and checkboxed in all of my adapters, including the two in question.

If you’re using OpenVPN (or your torrent client relies on a TAP adapter) then I’d recommend these firewall settings if you want a specific application to only be able to communicate via VPN.

Note: You can get the TAP adapter MAC address by opening cmd (command prompt), typing in ipconfig /all, looking for “TAP-Windows Adapter V?” and then looking for “Physical Address”.

Rule #1 - To allow incoming connections to the application through VPN.

  • Action: Allow
  • Protocol: TCP/UDP
  • Direction: IN
  • Source Address
    Type: Any Address
  • Destination Address
    Type: MAC Address
    MAC Address: [TAP adapter MAC Address]
  • Source Port
    Type: Any
  • Destination Port
    Type: Any or specific opened ports.

Rule #2 - To allow outgoing connections from the application through VPN.

  • Action: Allow
  • Protocol: TCP/UDP
  • Direction: OUT
  • Source Address
    Type: MAC Address
    MAC Address: [TAP adapter MAC Address]
  • Destination Address
    Type: Any Address
  • Source Port
    Type: Any
  • Destination Port
    Type: Any

Rule #3 - To block all traffic not going through VPN

  • Action: Block
  • Protocol: IP
  • Direction: IN/OUT
  • Source Address
    Type: Any Address
  • Destination Address
    Type: Any Address
  • IP Details
    IP Protocol: Any

The above rules have worked just fine for me with various different applications.

Edit: I kinda just assumed it was OpenVPN but if it’s not then the same thing could possibly be done for other VPNs if the VPN has its own network adapter. If it doesn’t then I don’t know, I’ve only worked with OpenVPN based VPNs.

I’ve seen it pop up and ask about OpenVPN. It’s Private Internet Access that I’m using. I’ll give it a shot and see if it works. :slight_smile:

Perfect, that worked like a dream. Thanks. :slight_smile:

One last thing, and this isn’t a dealbreaker but I’m wondering can I create a ruleset for certain programs to bypass the VPN and connect directly to my regular internet while these other programs (i.e. the p2p ones) are locked to only running through the VPN?

Not that I know of.

Just create a new NETWORK ZONE and name it VPN ONLY etc and add the MAC address of the Tapi adapter. You have to remember that if you delete and generate a new Tapi adapter that you need to update that MAC address. For P2P I periodically change MAC addresses and generate new OpenVPN Keys.

This is THE KNOWN GOOD configuration; I’ve run this for a long time now. You can launch View Active Connections to verify that everything is using your VPN address and not 192.x.x.x

I modified the TAPI adapter and deselected the following so they are not used:

Client for Microsoft Networks
File and Print Sharing
QoS
IPv6
Link-Layer Topologies

Also deselect under IPv4 > Advanced > DNS > Register this connection’s addresses in DNS
Deselect WINS > Use NetBIOS over TCP/IP

I have an issue with port forwarding with this Predefined Policy though and am creating yet another thread about it. If your VPN assigns a local 10. address, on some trackers you will not show as connectable. If your VPN provider assigns a shared public IP which is NOT a 10. on your end, then in my experience all trackers will show you as connectable.
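The MAC lookup from the rules post above and the "View Active Connections" check in this post can both be done from PowerShell. This is an added verification script, not something from the thread or from Comodo; the process name and the adapter description pattern are assumptions you adjust for your own setup. It prints the TAP adapter's MAC (the value Rules #1 and #2 key on) and flags any socket of the P2P client that is bound to an address other than the VPN adapter's, which is exactly the traffic the kill switch is supposed to prevent.

```powershell
# Added example (not from the thread): check that a P2P client only uses the VPN (TAP) adapter.
$ProcessName    = 'qbittorrent'           # assumption: your P2P client's process name
$AdapterPattern = 'TAP-Windows Adapter*'  # matches the description shown by ipconfig /all

$tap = Get-NetAdapter | Where-Object { $_.InterfaceDescription -like $AdapterPattern } | Select-Object -First 1
if (-not $tap) { Write-Warning 'No TAP adapter found; the VPN client may not be installed'; return }

# The MAC address is what the Allow rules key on; print it so it can be pasted into the rules.
Write-Host "TAP adapter: $($tap.Name)  MAC: $($tap.MacAddress)  Status: $($tap.Status)"

# IPv4 addresses currently on the TAP adapter (empty while the VPN is disconnected)
$vpnAddrs = @(Get-NetIPAddress -InterfaceIndex $tap.ifIndex -AddressFamily IPv4 -ErrorAction SilentlyContinue |
              Select-Object -ExpandProperty IPAddress)
Write-Host "VPN addresses: $(if ($vpnAddrs) { $vpnAddrs -join ', ' } else { '<none - VPN down>' })"

$procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if (-not $procs) { Write-Host "$ProcessName is not running"; return }

$leaks = @()
foreach ($p in $procs) {
    # TCP sockets plus UDP endpoints (DHT, uTP) owned by the client
    $tcp = Get-NetTCPConnection -OwningProcess $p.Id -ErrorAction SilentlyContinue |
           Where-Object { $_.State -ne 'Listen' -and $_.RemoteAddress -notin '0.0.0.0', '::' }
    $udp = Get-NetUDPEndpoint -OwningProcess $p.Id -ErrorAction SilentlyContinue
    foreach ($c in @($tcp) + @($udp)) {
        # Wildcard and loopback binds are not leaks by themselves; only a socket bound to a
        # non-VPN interface address shows the client talking past the VPN.
        if ($c.LocalAddress -in '0.0.0.0', '::', '127.0.0.1', '::1') { continue }
        if ($c.LocalAddress -notin $vpnAddrs) { $leaks += $c }
    }
}

if ($leaks) {
    Write-Warning "$($leaks.Count) socket(s) of $ProcessName are not bound to the VPN address:"
    $leaks | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State | Format-Table -AutoSize
} else {
    Write-Host "OK: every non-wildcard socket of $ProcessName uses a VPN address"
}
```

Run it once with the VPN connected and once after disconnecting it: in the second run the client should have no sockets at all once Rule #3 is in place, and any that remain with a 192.x.x.x local address mean the rules are not being applied to that adapter.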

It was impossible for me to use kill switch features when I was connected with a different VPN provider for P2P file sharing, but after joining some useful discussions I understand why Ivacy VPN is more important and how I can actually set it up properly. Here are some useful tutorial instructions.

Thanks.