soooted

How to guarantee VPN usage by application?

Is there a way to guarantee that certain applications such as my web browser always connect through the VPN?

With HMA, I could "lock" a specific application with the VPN client to guarantee that the application would only run if the VPN was up, otherwise the application would not connect to the network. In the applications I intend to use, I can designate a proxy. Is there a way to configure the AirVPN client to act as a local proxy? That way I can configure my apps to only connect to 127.0.0.1 proxy and if the VPN gets disconnected, the apps won't be able to send any traffic on the network.

Is there a way to guarantee that certain applications such as my web browser always connect through the VPN?

With HMA, I could "lock" a specific application with the VPN client to guarantee that the application would only run if the VPN was up, otherwise the application would not connect to the network. In the applications I intend to use, I can designate a proxy. Is there a way to configure the AirVPN client to act as a local proxy? That way I can configure my apps to only connect to 127.0.0.1 proxy and if the VPN gets disconnected, the apps won't be able to send any traffic on the network.

Hello!

Adding a proxy to achieve such a simple task is a waste of resources and could prevent OpenVPN from tunneling over another proxy, forcing you to give up an interesting OpenVPN feature. For a proper solution please read here:

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=1713&Itemid=142

Kind regards

Unfortunately, I can't use Comodo on this server. I want to block all traffic outbound except when source is 10.4.x.x to 10.9.x.x. My problem is the block rule also blocks AirVPN from connecting.

Windows Firewall has built-in precedence so you can't arrange the policy order. By default, blocks are processed before allows. If I know what AirVPN server ranges (for the initial SSL login and then the VPN connection), I can create a block rule but allow connections to AirVPN IP ranges.

Another thought is if I could force AirVPN to use a known set of low source ports, I could add an exception to the block rule based on source port.

If someone has a Windows Firewall configuration that works, please let me know.

Unfortunately, I can't use Comodo on this server. I want to block all traffic outbound except when source is 10.4.x.x to 10.9.x.x. My problem is the block rule also blocks AirVPN from connecting.

Hello!

Quick solution:

- add to your hosts file the line:

46.105.19.36 airvpn.org

- block svchost.exe with the same rule (this will block any DNS resolution outside the tunnel) and use a less restrictive global rule.

See also this message (and all the thread):

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2183&limit=6&limitstart=18&Itemid=142#2679

Another thought is if I could force AirVPN to use a known set of low source ports, I could add an exception to the block rule based on source port.

Our VPN servers respond to the following ports:

443 UDP, 443 TCP, 80 TCP, 80 UDP, 53 TCP, 53 UDP.

You choose the port when you connect to one of our servers.

Kind regards

I found a method that works for me using Windows Firewall, which is a big pain because you cannot control the policy precedence or use negative rules ("not in this IP range").

Here's what I did:

1. Create hosts file entry (since I will be blocking DNS) for airvpn.org = 46.105.19.36

2. Block all TCP from local subnet with the following destination ranges:

0.0.0.0 - 46.105.19.35

46.105.19.37-255.255.255.255

This allows for the AirVPN client to authenticate with 46.105.19.36.

3. Block all TCP from local subnet on ports 1-442, 444-65535 to 46.105.19.36

This ensures that only 443/tcp is allowed outbound to 46.105.19.36.

4. Block all UDP from local subnet, except 443 to ANY destination.

5. Block all ICMP from local subnet.

I connect to the VPN only in 443/udp mode.

My risk with the above is if I have an application that tries to communicate outbound on 443/udp when the VPN connection is down. I know I don't have any applications that use 443/udp. I tried specifying specific IP ranges to cover all of the AirVPN servers in #4, but couldn't get the VPN to connect. I would only need to modify rule #2 and the hosts file entry if the IP to airvpn.org changes in the future.

I couldn't override a block rule with an allowed rule in Windows Firewall, i.e. the traditional way to handle point-to-point VPN connections.
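
The block rules from the post above, modelled so they can be checked against sample traffic (an added example, not part of the original thread and not AirVPN's code). It goes slightly beyond the post: complement() builds the "everything except" ranges for any list of allowed addresses, which is how a "not in this IP range" rule has to be written when only block ranges are available. The function names and the 203.0.113.x destinations are constructed for illustration, and the model assumes outbound traffic that matches no block rule is allowed.

```python
import ipaddress

AIRVPN_ORG = "46.105.19.36"   # address quoted in the thread
ALL_IPS = [(0, 2**32 - 1)]
NOT_443 = [(1, 442), (444, 65535)]

def ip(s):
    return int(ipaddress.IPv4Address(s))

def complement(allowed):
    """Ranges covering every IPv4 address except those in `allowed`."""
    out, nxt = [], 0
    for a in sorted({ip(x) for x in allowed}):
        if a > nxt:
            out.append((nxt, a - 1))
        nxt = a + 1
    if nxt < 2**32:
        out.append((nxt, 2**32 - 1))
    return out

def fmt(ranges):
    """Render ranges as start-end strings, the form the post writes them in."""
    return [f"{ipaddress.IPv4Address(a)}-{ipaddress.IPv4Address(b)}" for a, b in ranges]

def block_rules(login_ip=AIRVPN_ORG):
    """Block rules 2-5 from the post as (protocol, dest ranges, dest ports)."""
    return [
        ("tcp", complement([login_ip]), [(1, 65535)]),         # rule 2
        ("tcp", [(ip(login_ip), ip(login_ip))], NOT_443),      # rule 3
        ("udp", ALL_IPS, NOT_443),                             # rule 4
        ("icmp", ALL_IPS, None),                               # rule 5
    ]

def allowed_out(proto, dst, port=None):
    """True if a LAN-sourced flow matches no block rule (assumes default-allow outbound)."""
    d = ip(dst)
    for r_proto, dsts, ports in block_rules():
        if r_proto != proto or not any(a <= d <= b for a, b in dsts):
            continue
        if ports is None or any(a <= port <= b for a, b in ports):
            return False
    return True

if __name__ == "__main__":
    print(fmt(complement([AIRVPN_ORG])))
    # Constructed flows with the tunnel down: login, browser HTTPS, DNS, 443/udp.
    for f in [("tcp", AIRVPN_ORG, 443), ("tcp", "203.0.113.10", 443),
              ("udp", "203.0.113.53", 53), ("udp", "203.0.113.10", 443)]:
        print(f, "ALLOWED" if allowed_out(*f) else "blocked")
```

With the tunnel down, the only flows that still leave the LAN interface are 443/tcp to the login address and 443/udp to any destination, which is the residual risk the post describes.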
