How to Create a Custom VPN Kill Switch in Windows
A lot of people use VPN services to circumvent network restrictions and to download torrents. Because traffic inside a VPN tunnel is encrypted, an observer on the local network cannot read it. However, an unstable VPN poses a serious risk. For example, suppose you are downloading a torrent. The data you are downloading isn’t necessarily illegal, but the network you are using may not want its users downloading torrents of any kind. Then your VPN tunnel drops. Once your BitTorrent client reconnects to the tracker and its peers, it resumes your downloads – only this time without the protection of the VPN tunnel.
In these situations, it’s handy to have a kill switch to shut down your Internet connection or application so that specified traffic doesn’t get sent over the Internet outside of your VPN tunnel. In fact, some VPN providers offer a kill switch mechanism in their software. However, if your software doesn’t provide this feature, you can create a kill switch on your own. For the remainder of this demonstration, we will assume that you are using OpenVPN in combination with Comodo Firewall.
Comodo is a handy firewall tool because it is standalone software. In addition, it’s free! Just make sure that you completely disable the Windows firewall before installing Comodo. Running multiple software firewalls can cause some conflicts and cause you to bang your head against the wall.
Step 1: Determine Your Physical Address
The first thing you will want to do is connect your VPN and find the physical (MAC) address of the adapter it uses. After the VPN connection is established, open the Command Prompt by pressing the Windows key, typing cmd and pressing Enter. A black console window appears. Run the command ipconfig /all and scroll through the output until you reach the section for the TAP-Win32 adapter. Keep this window open and note the value in the row labeled Physical Address. This is the adapter's MAC address; it stays the same across VPN sessions, whereas the IP address assigned inside the tunnel may change, which is why the network zone in the next step is keyed on it.
Step 2: Make and Configure a Network Zone
Now you will want to fire up Comodo. You should have already installed it after disabling the Windows firewall completely. Now you will want to click on the Advanced Settings button in the top left and browse to Firewall, and then browse to Network Zones.
Next, add a new Network Zone and give it a name. Click OK, select your new zone, and add a new address. Choose MAC Address as the address type, and enter the physical address you found in the first step by running ipconfig /all in the Command Prompt.
Step 3: Configure a Rule Set
The next step is to configure a Rule Set that will include the services you will want to kill in the event that your tunnel goes down. You can configure options such as web browsers, FTP file transfers, email, and many other options.
Name your Rule Set and click the Add button. To create a rule, you select an action (allow/block), a protocol (which should be set to IP), the direction of the traffic (in/out), and the source and destination addresses.
You will want to create two rules. The first uses the following parameters:
- Action: allow
- Protocol: IP
- Direction: out
- Source address: the network zone you created
- Destination address: any
For the second rule, handle incoming traffic: change the direction to in, set the source address to any, and set the destination address to your network zone.
Please note that the order of these rules is very important: they are applied to traffic in the order in which they appear. You can drag and drop the rules to change their order, but make sure that the deny-all rule (Action: block, Protocol: IP, Direction: in/out, Source and Destination: any), which catches everything the two allow rules did not match, is last. If it came first it would block the tunnel traffic as well.
Step 4: Apply the Rule to Services and Programs
Now browse to Firewall and then Application Rules. There are some prepopulated programs and services that you may want to force to use the VPN tunnel. If you do not see the program or service you wish to configure, you can click the Add button. Then you will need to browse to the program’s location and click the Use Ruleset button. Now your rules should be applied to the services of your choosing. The only thing left to do is test.
For example, if you applied the rule set to your web browser, test it as follows. Connect your VPN tunnel and browse the web; pages should load. Now disconnect your VPN tunnel and try browsing again. If you are unable to pull up any web page while the VPN is disconnected, you have succeeded. If it doesn’t work immediately, you may need to reboot your PC and double-check that the rules are in the correct order.
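The same two checks can be scripted. The PowerShell below is an added example, not code from the original article or from Comodo or OpenVPN: it finds the OpenVPN TAP adapter (current OpenVPN releases describe it as "TAP-Windows Adapter V9" rather than TAP-Win32, so it matches on "TAP" in the interface description), reports the MAC address that goes into the Comodo network zone, and then checks whether a TCP connection to a placeholder host (example.com:443, assumed here; substitute any host beyond your LAN) succeeds while the tunnel is down. The function names are my own.

```powershell
# Added example (not part of the original article): find the OpenVPN TAP adapter,
# report the MAC address that goes into the Comodo network zone, and check whether
# TCP egress is blocked while the tunnel is down.
# Assumptions: the adapter's interface description contains "TAP" (e.g. "TAP-Windows
# Adapter V9"); example.com:443 is a placeholder test target.

function Get-TapAdapter {
    # Match on InterfaceDescription, not the friendly Name, which users often rename.
    Get-NetAdapter | Where-Object { $_.InterfaceDescription -like '*TAP*' } | Select-Object -First 1
}

function Get-TapMacAddress {
    $tap = Get-TapAdapter
    if (-not $tap) { throw 'No TAP adapter found; is OpenVPN installed?' }
    # Reported as AA-BB-CC-DD-EE-FF, the same form ipconfig /all shows under "Physical Address".
    return $tap.MacAddress
}

function Test-KillSwitch {
    param(
        [string]$TestHost = 'example.com',  # placeholder; any host beyond your LAN
        [int]$Port = 443
    )
    $tap = Get-TapAdapter
    # The TAP adapter reports Status "Up" only while OpenVPN holds a connection.
    $tunnelUp = [bool]($tap -and $tap.Status -eq 'Up')
    # -InformationLevel Quiet makes Test-NetConnection return a plain $true/$false.
    $reachable = Test-NetConnection -ComputerName $TestHost -Port $Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue

    $verdict = if ($tunnelUp -and $reachable) { 'OK: tunnel up and traffic flows' }
               elseif ($tunnelUp)             { 'Tunnel up but blocked: check rule order' }
               elseif ($reachable)            { 'FAIL: tunnel down and traffic left the machine outside the VPN' }
               else                           { 'OK: tunnel down and traffic blocked' }

    [pscustomobject]@{ TunnelUp = $tunnelUp; Reachable = $reachable; Verdict = $verdict }
}

"TAP adapter MAC address: $(Get-TapMacAddress)"
Test-KillSwitch
```

One caveat when reading the result: Comodo application rules are per program, so Test-KillSwitch only reflects the kill switch if powershell.exe is one of the programs you assigned the rule set to in Step 4. Run it from a PowerShell window that is covered by the rule set, or treat a "traffic left the machine" verdict from an uncovered program as a reminder that anything you did not assign the rule set to will still reach the Internet when the tunnel drops.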
I can’t find the TAP-Win32 adapter on my computer. Is it possible that it is named something else on Windows 10? Also, I am not running the 32-bit version but 64-bit; maybe that’s the problem?
Excellent article! Comodo thanks you!