I’m still running on older Comodo Free 5.8 on Win 7 x64, but I like this interface and it mostly works for me, when it doesn’t crash.
I created a Network Zone for the VPN bound to the Tapi MAC address, then a Predefined Policy using the three general IP Rules as described by Sanya IV Litvyak in reply #3: https://forums.comodo.com/firewall-help-cis/trying-to-set-up-a-vpnp2p-kill-switch-but-it-still-allows-connections-t114193.0.html;msg829281#new
The application rule for uTorrent uses this Predefined Policy and it works. ALL traffic goes through the VPN on the 10. network. I run DNS Client svc and I also see that DNS is on the 10. for port 53. Great, this works except for one thing - port forwarding.
In uTorrent, IF THE IP assignment is a 10. address then I have the NOT CONNECTABLE! and also on some tracker sites I show as not connectable.
I see all the uTorrent 192.x.x.x connection attempts BLOCKED and no 192.x.x.x traffic ever in the View Active Connections.
In Comodo > Firewall > View Firewall Events I have a series of BLOCKS from uTorrent TCP OUT on 192.168.x.x, source port any, to DESTINATION IP “the other end of the tunnel which is the public IP” and PORT “what I set in uTorrent, e.g. 45678”.
I can never get past this, ever.
No amount of modifying the Predefined Policy or creating a Global Rule at the top works, and I’m exhausted with it already. With VPN providers that assign non 10. ranges this is not an issue, but most all do assign 10. internal IPs and this is an ongoing problem.
The Global Rule for the port is set to fire but never does, only the BLOCKED.
I created a new PORT > Single Port but this didn’t work either.
Obviously I can’t have my 192 address talking directly to the external IP or this defeats the purpose of the VPN only using the Tapi MAC address. Even if I can port fwd I need to know 1000% that no user specific information found in the LAN adapter can be passed out to any address. ONLY the faker Tapi MAC address can be bound to packets and the traffic must be contained within the 10. LAN which is PUBLIC.
Any of you heavy hitters out there have some PORT FORWARD ideas to try that I may not have yet?
Thanks in advance!