How to Allow Only VPN Traffic on Unsecured Wireless AP

Securityvpnwindows 7wireless-networking

When I'm connected to an unsecured wireless AP (coffee shop for example), I want to limit my computer to only sending traffic through my VPN connection. When I'm connected to the VPN, this is generally the case. However, occasionally the VPN will disconnect if there's a wireless dropout, etc. In this case, I don't want the computer to silently start sending unencrypted packets over the air.

The rule is: If connected through an unsecured wireless connection then only allow VPN traffic. When I connect to the VPN, obviously other traffic would automatically be allowed because it acts as an additional WAN connection.

Operating system is Windows 7 x64 RTM.

Best Answer

I finally found a tolerable solution to this problem by setting up "Firewall user profiles" in ESET Smart Security. I have a "Home" profile, a "Mobile" profile, and an "Insecure" profile. It's set to default to the Insecure profile unless I join a network that I've manually configured on one of the other profiles.

Related Solutions

Windows – How to force only Chrome to send network traffic through VPN connection on Windows 7

I think, for what you want to do, you can use the Proxy Switchy! extension for Chrome and create a different profile for your VPN and set the Network in the Proxy Switchy! settings as so:

enter image description here

This seems to be the easiest way to achieve what you want as selecting a profile will route through that specific connection.

All your other traffic will be routed through whatever the local connection is, and your Chrome traffic will be routed through the VPN.

Windows – In Windows 10 how do you ensure all traffic goes through VPN

Note:

Be sure you have only one network adapter enabled, example: if you are using ethernet, be sure wireless is disabled. If using wireless be sure no ethernet cable is connected, or disable the adapter in networking and sharing center > change adapter settings.

Open command prompt and do a command:

netstat /r

note the Interface ip address on the 0.0.0.0 line in the "Active Routes" section , lets just say it is 192.168.0.1

Connect to your VPN

Do another netstat /r

Note you will see a new ip route for the vpn (second 0.0.0.0. line), note that Interface new route ip

Now kill the original non vpn route with this command

route delete 0.0.0.0 192.168.0.1

then do another netstat /r

you will only see your vpn route now, and if your VPN line drops, you lose that route, so there are no more 0.0.0.0 routes and your external connection will be immediately cut off. If you want to access the internet you'll need to add the original route back with this command:

route add 0.0.0.0 mask 0.0.0.0 192.168.0.1 IF 8

The "IF 8" means "interface 8". The number 8 may be different on your computer, look at the output of netstat -r to get the correct number of your interface in the Interface List

All that being said I would disable ipv6, I have done this with no issues after doing so.

disable ipv6 command:

netsh interface teredo set state disabled

Enable ipv6 command:

netsh interface teredo set state default

Best Answer

Related Solutions

Windows – How to force only Chrome to send network traffic through VPN connection on Windows 7

Windows – In Windows 10 how do you ensure all traffic goes through VPN

Related Question