Why windows firewall network lock?

[BreathingAir 9]

Hello,

 

I use two simple .bat files - one to block any non-vpn traffic, and another to unblock once I have disconnected from VPN. Please can staff confirm if this is sufficient to avoid any leaks. I am curious because if it is sufficient, why use more complicated methods in the Eddie such as windows firewall rules which may conflict with other firewall programs that are active?

 

Here are the .bat's that I use (from the forums on this website):

 

Block Non-VPN Traffic.bat

route delete 0.0.0.0 192.168.0.1

pause

 

 

Unblock Non-VPN Traffic.bat

route add 0.0.0.0 mask 0.0.0.0 192.168.0.1

pause

 

 

 

Are the Eddie methods superior to this?

 

Thanks

 

[Staff 10116]

Hello!

 

Your method is perfectly fine. In Eddie Network Lock has not been implemented in this way for some potential problems in specific configurations, we needed a method that must be as generic as possible and applicable to a wide amount of systems. Additionally, Eddie performs a lot of tests for servers ratings, but the route command execution can be extremely slow in Windows: keeping the rating system with Network Lock would have needed dozens and dozens of route commands with huge delays.

 

Kind regards

[Philiberti 9]

Hi,

 

I have Kaspersky Internet Security 2015 and employ its firewall which I find to be much better than my Windows 7 firewall. Does this mean that Network Lock wouldn't work in my situation if the VPN connection dropped? I have previously used VPN Watcher to kill Firefox and torrent client when VPN connection dropped - it is effective but I was hoping that the new Eddie client "Kill Switch" would avoid the need to use a third party program such as VPN Watcher.

 

Thanks

[BreathingAir 9]

Hello,

 

I just want to amend the bat files I showed in original post in case anyone copied them! Unfortunately they only block IP leak and not DNS leak! Even network lock in the client is of course only for ipleak and not DNS.

I have now updated using NaDre's guides on forum (hope I got it right), and reserved DHCP IP in router setting so lease doesn't expire and renew.

 

 

Here are my bat files (updated to change DNS server to AirVPN's main DNS 10.4.0.1). Of course local area connection name and default gateway address may be different on different PC.

Can check default gateway deleted and DNS server changed for non-vpn connection in command prompt using "ipconfig /all"

 

 

Block Non-VPN Traffic.bat

 

route delete 0.0.0.0 192.168.0.1

netsh interface ip set dns "Local Area Connection" static 10.4.0.1

 

pause

 

Un-block Non-VPN Traffic.bat

 

route add 0.0.0.0 mask 0.0.0.0 192.168.0.1

netsh interface ip set dns "Local Area Connection" dhcp

pause

 

 

--------------------------

 

Hopefully that works (I am just a noob), ipleak.net and dnsleaktest.com look OK.

 

 

[Anonymous_13 32]

Oh my god this information is priceless thank you very much. It should be sticked for anyone who cannot use the network lock function because of custom firewall installed.

 

But I have one question. Once I block all traffic is there a way to manually allow AirVPN Client to login? I would like to perma block all traffic but I want to be able to login and it says it cannot resolve the "auth.airvpn.org"

[NaDre 159]

  On 3/1/2015 at 7:52 AM, Anonymous_13 said:

...

But I have one question. Once I block all traffic is there a way to manually allow AirVPN Client to login? I would like to perma block all traffic but I want to be able to login and it says it cannot resolve the "auth.airvpn.org"

 

Just before you try to login to a particular AirVPN server, you would have to add a routing table entry to route traffic to the server entry address through the real interface. You can get the entry IP address from the ".ovpn" file for the server that the config generator produces, if you check "Advanced Mode" and then "Resolved hosts in .ovpn file".  For example for Almach:

route add 199.19.94.12 mask 255.255.255.255 192.168.0.1

One thing to note. The connection to Almach will also try to add an identical routing table entry to the one above. I believe this will not be an issue. But you should watch out for that possibility. Normally when you disconnect from Almach. OpenVPN would remove that routing table entry. I am not sure if it will get removed if the entry was already there. You can check this.

 

UPDATE:

 

It just occurred to me that you are using the AirVPN client, not the OpenVPN client itself. So what I said above will be no help. I do not use the AirVPN client.

[speakingtruth2you 0]

Hi,

I'm new to all this here.
I noticed the network lock but didn't enable it.

Besides downloading the software and installing What more do I need to do to ensure no dns leak and if connection drops I'm protected.

I've used another vpn on my desktop but I could automatically tell it to block dns leak and protect if connection losts.
So if I need to do more please point me in the right direction.

Thank kindly

[Anonymous_13 32]

First check www.dnsleaktest.com and see if you are affected by the DNS leak or not.

If you are, just  set a custom DNS server to your network adapter. If you don't know what I mean: http://pcrepairs24.com/articles/change-dns-settings-of-your-network-adapter-to-speed-up-browsing-experience-windows-7

 

You can use googles DNS server which is 8.8.8.8 or you use for your safety the openDNS server or the  airvpn DNS server just use search function.

After you did that check again if your dns leaks or not but it should be fixed then.