quantensprung

Isolate VPN-connected machine on Intranet


I am trying to completely isolate the machine that I use with my VPN connection from other machines on the intranet local network.

I am using Windows 10 and Eddie on a VM guest that gets internet access through Windows ICS. The VM guest's IP is 192.168.32.10. Other machines in the intranet have an IP range of (e.g.) 150.0.0.1-150.0.0.254.

I have read quite a few posts about this here, but did not find a definite answer. I have activated Network Lock (and unticked LAN access) and created a Firewall rule to block all applications from accessing 150.0.0.0/16, which should prevent any access to other machines on the intranet. What confuses me is that a network scan still finds all machines in the intranet IP range 150.0.0.1-150.0.0.254 when connected to the VPN with Network Lock and the additional firewall rule.

Is this normal? Am I missing something? What steps can I take to ensure that there is absolutely no leakage of the VPN-connected machine to other machines in the intranet?


Ping is using ICMP. I'm not sure if this is accounted for in Windows. If you try connecting to one of the machines via TCP/UDP it won't work as expected. In Settings > Network Lock, what's the method you chose?

By the way, 150.0.0.0/24 is a public IPv4 address. I hope you didn't configure your local (private) network to use it.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.


I am using WFP as the network lock method. 150.0.0.0/24 was just an example, not my private network.

Actually, I cannot ping any computer with Network Lock on ("General Failure"). I suppose that is how it should be because of a deactivated ping in the Network Lock. What I can do, however, is see both machines in an IP scanner (e.g. Angry IP Scanner). The scanner reports alive machines when I scan the guest from the host. When I scan from the guest, I can see all other machines connected to my private network. I find this a bit puzzling.
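
The TCP check suggested earlier in the thread can be scripted from the VPN-connected guest; this is an added example, not part of any post above. The host list and ports are placeholders (assumptions), and it goes slightly beyond a plain connect test by also counting a refused connection as evidence that packets reached the other machine.

```python
import socket

# Assumption: placeholder addresses (documentation range) and ports.
# Replace them with the machines and services on your own intranet.
LAN_HOSTS = ["192.0.2.10", "192.0.2.11"]
PORTS = [135, 139, 445, 3389]  # RPC, NetBIOS, SMB, RDP

def probe(host, port, timeout=1.0):
    """Classify one TCP connection attempt.

    open      - handshake completed, the host is fully reachable
    refused   - a RST came back, so the SYN normally reached a host
    no-reply  - nothing came back within the timeout (dropped or host down)
    blocked   - the local stack or firewall rejected the attempt
    error     - any other failure (no route, network unreachable, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "no-reply"
    except PermissionError:
        return "blocked"
    except OSError:
        return "error"

def reached_host(hosts, ports=PORTS, timeout=1.0):
    """Return (host, port, status) for every attempt that got an answer."""
    hits = []
    for host in hosts:
        for port in ports:
            status = probe(host, port, timeout)
            if status in ("open", "refused"):
                hits.append((host, port, status))
    return hits

if __name__ == "__main__":
    hits = reached_host(LAN_HOSTS)
    for host, port, status in hits:
        print(f"LEAK: {host}:{port} answered ({status})")
    if not hits:
        print("No intranet host answered a TCP connection attempt.")
```

Run it once with Network Lock off to confirm the chosen hosts and ports do answer, then again with Network Lock and the firewall rule active; the second run should report no answers.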
