v6+VPN & Block uTorrent for Non-VPN Connections

Yes, I know there have been several topics on this, and each one has dealt with it differently, and none to my satisfaction.

To my logic, it should be simple - the VPN has a TAP MAC address, if the MAC address is specified as a Network Zone (ex VPN), then setting the Application rule to BLOCK when the EXCLUDE box is checked for Source & Destination SHOULD work. This should also work for JUST selecting the MAC address for the application rule, without having to also create a Network Zone.

However, this is NOT working. I do not want to use IP ranges, as I have a wide variety of IP ranges that may be selected when I connect.

I’d like to know if this is just a bug or am I missing something in my logic?

Thanks!

Try disabling uTP in uTorrent and see if it makes a difference.

I would honestly rather keep that enabled, since it does allow for more peer discovery and connectivity.

Is there no way to block this in Comodo? I’d really rather not just cut the internet connection itself (VPN client does have a “kill switch”).

Thanks!

(and if there is no way currently, is it something that the Comodo dev team is working on?)

Forgive me for jumping in here :slight_smile:
I used the same rules as found in Here
and can say they work 100% with CIS 6x :-TU
VPN-only connection can be forced on a per-application level - uTorrent being no exception.

[attachment deleted by admin]

Hi Treefrogs!

I will give that a try (almost went with Boleh, lol - might still switch).

Will let you know if it also stops uTP.

No worries, it was only an idea based on a situation I’m looking at, where CIS is having a hard time, under certain circumstances, blocking p2p when uTP is active. The link from treefrogs should work with most VPN suppliers :-TU

Yes, the Boleh method DOES work, and it does not block uTP connections while connected to the VPN - however, oddly, it also appears to block some trackers, no idea why (error is “An attempt was made to access a socket in a way forbidden by its access permissions”)

Any ideas?

==================

In looking at the logs, I also see entries like these (where 192.168… is my local machine address) –

Dir  Prot  Source IP   SrcPort  Dest IP     Dest Port
Out  TCP   127.0.0.1   35643    127.0.0.1   12080
Out  TCP   127.0.0.1   35637    127.0.0.1   12080
Out  TCP   127.0.0.1   35627    127.0.0.1   12080
Out  TCP   127.0.0.1   35615    127.0.0.1   12080
Out  TCP   127.0.0.1   35605    127.0.0.1   12080
Out  TCP   192.168…    35602    XXX.XXX…    22525
In   TCP   XXX.XXX…    51322    192.168…    22525

Port 22525 is the open port that is forwarded on my router

There are both UDP & TCP entries, In & Out.

These entries are all from uT after I put the Boleh rule in place, and the IPs correspond to the IPs of the trackers I mentioned losing connection to above.

Very odd ???

=============================

Ok, now this is REALLY annoying. So I decided to remove the previously created rules and set uT back to Allowed Application - however, it will NOT stay that way - it keeps prompting me for every bloody connection! And changes the setting to Custom. I change it back to Allowed, and it starts prompting me again.

WTF?!

Probably an obvious question, however, if needed/supported have you made sure the appropriate ports have been forwarded from the VPN provider’s end? If that side of things is ok, it may be the port is being held open by another process. You can check this by opening a command prompt and typing:

netstat -ano |find /i "listening"|find /i ":22525"

It will give you the PID in the rightmost column. Use this to find the application with Task Manager.

Failing that, as an exercise only, run uT as Administrator, assuming you’re not doing so already. See what happens.

As far as the prompts are concerned, did you make any changes to Global rules?

Port 22525 IS the port that is active (and used by uT) and is forwarded on my router (and from the VPN) - that connection is fine. The reason, as I understand it, that it is blocking it, is that it is my NIC IP that is showing, not the TAP MAC address.

I don’t understand a) why anything would be connecting directly to the NIC address, and b) why I have so many connections to 127.0.0.1, and c) why those 127.0.0.1 connections are blocked.

I made no changes to the Global Rules, I added the Boleh rule in the RULESETS section.

Thanks!

You’ve obviously obtained some additional information? Unfortunately, however, I’m not sure I understand exactly what you’re saying?

I don’t understand a) why anything would be connecting directly to the NIC address,

Any inbound connection, which this appears to be, has to have an endpoint. At one level, that’s the IP address of the network interface.

and b) why I have so many connections to 127.0.0.1, and c) why those 127.0.0.1 connections are blocked.

127.0.0.1 port 12080 is the address and port used by the Avast web shield, are you using Avast?

I made no changes to the Global Rules, I added the Boleh rule in the RULESETS section.

Perhaps you should post details of your application and global rules along with ports used and any appropriate log entries.

Did you try the suggestions I made?

Not sure what more I can say about Port 22525 being blocked, other than it should NOT be when connected to the VPN - it is the port that is used by uT.

When I install the VPN client, it creates the TAP (Tunneling Access Protocol) Network Connection - it is the MAC address of that that I based the Zone off of (per the Boleh instructions).

When I created the RULESET, it was based on the MAC address of the TAP Adapter, so that when that adapter was NOT active (meaning the VPN was not connected/active) uT would be unable to connect.

When I say I don’t know why it would be connecting directly to my 192 address, I mean instead of the address for the TAP adapter (when the VPN is active).

Yes, I am using Avast - but it is set as an Allowed Application; however, as I mentioned, the “Allowed Application” setting does NOT appear to be retained - every instance keeps switching to CUSTOM and the only rule is set as Allow IP OUT from any MAC to any MAC.

I do not understand why it will not retain the Allowed Application setting. :frowning:

It was SOOOOOOOO much easier to configure things in the previous version. As an experienced UI designer, I cannot stress enough how utterly cumbersome this new interface is. It literally takes a minimum of twice as many clicks to get to what you want, nor is it as intuitive as the previous version. I KNOW that there are going to be memory conflicts, as I also run SysInternals Process Explorer, and I previously had to configure Comodo to stop logging memory hits.

IMPO, Comodo needs to start doing public betas to get effective USER feedback during development - please don’t become another M$, where all you do is bloat and make good software bad :frowning: No matter HOW “good” something is, people will not use it if they do not find it to their liking or cannot easily/effectively use it.

If there was a way to go back to the previous version, I believe that I would do so in a heartbeat.

Thanks.

If you want to return to an earlier version - I still use 5.10 - you can get them from:

32 Bit - Comodo Internet Security 5.12.256249 (32-bit) Download
64 Bit - Comodo Internet Security 5.12.256249 (64-bit) Download

If you want to stick with version 6, I’ll try and help you through it.

Thanks much.

I’ll certainly continue to give it a try (I’m not one to easily give up on things - just needed to vent a bit :wink: IMPO, too much is put out these days without the necessary input from the people who actually USE the stuff = never the fault of the coders, but of the designers and the project managers).

I grabbed that version just to be safe.

So what else do you have in mind?

Unless the port is being blocked at the VPN provider end. With my VPN provider, I have the option to specify which ports I want forwarded. This is independent of anything I do on my LAN.

When I install the VPN client, it creates the TAP (Tunneling Access Protocol) Network Connection - it is the MAC address of that that I based the Zone off of (per the Boleh instructions).

When I created the RULESET, it was based on the MAC address of the TAP Adapter, so that when that adapter was NOT active (meaning the VPN was not connected/active) uT would be unable to connect.

When I say I don’t know why it would be connecting directly to my 192 address, I mean instead of the address for the TAP adapter (when the VPN is active).

Assuming your rules are correct, both inbound and outbound connections should use the IP address received from your VPN TAP, usually 10.x.x.x. (image) If you’re seeing something else, perhaps the configuration is incorrect.

Yes, I am using Avast - but it is set as an Allowed Application; however, as I mentioned, the “Allowed Application” setting does NOT appear to be retained - every instance keeps switching to CUSTOM and the only rule is set as Allow IP OUT from any MAC to any MAC.

I do not understand why it will not retain the Allowed Application setting. :frowning:

Most applications only need permissions to make outbound connections. Setting everything to ‘Allowed application’ is unnecessary. If the rules are changing without intervention, your firewall settings may be a cause or you might have a bad installation.

It would probably be useful if you could post some details of your configuration. Screen shots are quite good.

It was SOOOOOOOO much easier to configure things in the previous version. As an experienced UI designer, I cannot stress enough how utterly cumbersome this new interface is. It literally takes a minimum of twice as many clicks to get to what you want, nor is it as intuitive as the previous version. I KNOW that there are going to be memory conflicts, as I also run SysInternals Process Explorer, and I previously had to configure Comodo to stop logging memory hits.

Agreed.

IMPO, Comodo needs to start doing public betas to get effective USER feedback during development - please don’t become another M$, where all you do is bloat and make good software bad :( No matter HOW “good” something is, people will not use it if they do not find it to their liking or cannot easily/effectively use it.

There is a newly founded ‘preview group’ that will hopefully be taken notice of.

[attachment deleted by admin]