soooted 1 Posted ... Is there a way to guarantee that certain applications such as my web browser always connects through the VPN? With HMA, I could "lock" a specific application with the VPN client to guarantee that the application would only run if the VPN was up, otherwise the application would not connect to the network. In the applications I intend to use, I can designate a proxy. Is there a way to configure the AirVPN client to act as a local proxy? That way I can configure my apps to only connect to 127.0.0.1 proxy and if the VPN gets disconnected, the apps won't be able to send any traffic on the network. Quote Share this post Link to post
Staff 9972 Posted ... Is there a way to guarantee that certain applications such as my web browser always connects through the VPN?With HMA, I could "lock" a specific application with the VPN client to guarantee that the application would only run if the VPN was up, otherwise the application would not connect to the network. In the applications I intend to use, I can designate a proxy. Is there a way to configure the AirVPN client to act as a local proxy? That way I can configure my apps to only connect to 127.0.0.1 proxy and if the VPN gets disconnected, the apps won't be able to send any traffic on the network.Hello!Adding a proxy to achieve such a simple task is a waste of resources and could prevent OpenVPN to tunnel over another proxy, forcing you to renounce to an OpenVPN interesting feature. For a proper solution please read here:https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142Kind regards Quote Share this post Link to post
MrConducter 11 Posted ... Install Comodo and change your application rules. Or do this, it works. https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2183&limit=6&limitstart=18&Itemid=142 Quote Share this post Link to post
soooted 1 Posted ... Unfortunately, I can't use Comodo on this server. I want to block all traffic outbound except when source is 10.4.x.x to 10.9.x.x. My problem is the block rule also blocks AirVPN from connecting. Windows Firewall has built-in precedence so you can't arrange the policy order. By default, blocks are processed before allows. If I know what AirVPN server ranges (for the initial SSL login and then the VPN connection), I can create a block rule but allow connections to AirVPN IP ranges. Another thought is if I could force AirVPN to use a known set of low source ports, I could add an exception to the block rule based on source port. If someone has a Windows Firewall configuration that works, please let me know. Quote Share this post Link to post
Staff 9972 Posted ... Unfortunately, I can't use Comodo on this server. I want to block all traffic outbound except when source is 10.4.x.x to 10.9.x.x. My problem is the block rule also blocks AirVPN from connecting.Hello!Quick solution:- add to your hosts file the line:46.105.19.36 airvpn.org- block svchost.exe with the same rule (this will block any DNS resolution outside the tunnel) and use a less restrictive global rule.See also this message (and all the thread):https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2183&limit=6&limitstart=18&Itemid=142#2679Another thought is if I could force AirVPN to use a known set of low source ports, I could add an exception to the block rule based on source port.Our VPN servers respond to the following ports:443 UDP, 443 TCP, 80 TCP, 80 UDP, 53 TCP, 53 UDP.You choose the port when you connect to one of our servers.Kind regards Quote Share this post Link to post
soooted 1 Posted ... I found a method that works for me using Windows Firewall, which is a big pain because you cannot control the policy precedence or use negative rules ("not in this IP range"). Here's what I did: 1. Create hosts file entry (since I will be blocking DNS) for airvpn.org = 46.105.19.36 2. Block all TCP from local subnet with the following destination ranges: 0.0.0.0 - 46.105.19.35 46.105.19.37-255.255.255.255 This allows for the AirVPN client to authenticate with 46.1105.19.36. 3. Block all TCP from local subnet on ports 1-442, 444-65535 to 46.105.19.36 This ensures that the only 443/tcp is allowed outbound to 46.105.19.36. 4. Block all UDP from local subnet, except 443 to ANY destination. 5. Block all ICMP from local subnet. I connect to the VPN only in 443/udp mode. My risk with the above is if I have an application that tries to communicate outbound on 443/udp when the VPN connection is down. I know I don't have any applications that use 443/udp. I tried specifying specific IP ranges to cover all of the AirVPN servers in #4, but couldn't get the VPN to connect. I would only need to modify rule #2 and the hosts file entry if the IP to airvpn.org changes in the future. I couldn't override a block rule with an allowed rule in Windows Firewall, i.e. the traditional way to handle point-to-point VPN connections. Quote Share this post Link to post