Kill switch at boot
The kill switch used to work at boot, as if firewalled shut while waiting for login. PIA will autostart in the Admin Account, but my ISP is open while waiting for PIA to start. So there is always a period of time without VPN in the Admin Account and with the Regular Account, maybe a long time if I forget to start PIA.
Once started, the kill switch works until reboot.
v65, win 10.
Anyone get this to work like it used to with Internet disabled until PIA start?
Comments
I had the same problem. Even though support tried to help me, we ended up agreeing that it is the OS causing the problem.
So I went on and created a workaround which seems to work for now.
1. Create two .bat files (by creating a standard .txt file, copy-pasting the lines below and then renaming it to .bat; place them somewhere you can find them again).
a) enable network.bat
REM Wait for the PIA tray agent (and its kill switch) to finish starting
timeout /t 30 /nobreak
REM Only then bring the physical adapter back up
netsh interface set interface "Local Area Connection" ENABLED
REM Cycle the PIA TAP adapter so it picks up the now-available link
netsh interface set interface "Ethernet" DISABLED
netsh interface set interface "Ethernet" ENABLED
b) disable network.bat
REM Cut the physical link at logoff so the next boot starts with no Internet path
netsh interface set interface "Local Area Connection" DISABLED
Replace "Local Area Connection" with your standard network adapter name. "Ethernet" has to be replaced with the name of the TAP adapter created by PIA.
The "timeout 30" defines how many seconds the system waits until the network adapter is enabled. Therefore the PIA tray agent has to have finished starting BEFORE the timeout runs out. This might vary depending on your system. To find out, just log on to your user profile and count the seconds until you get the notification that PIA is connecting, and enter that value instead of the "30".
2. Search for Edit Group Policy (using Windows search) --> User Configuration --> Windows Settings --> Scripts (Logon/Logoff)
--> logon --> add: enable network.bat
--> logoff --> add: disable network.bat
That's it, you should now have a complete kill switch in place.
cheers
Rakor
ps. I know this is not the best solution, but hey, it seems to work and stops any data leaking before the PIA kill switch has started up.
Is this kill process at startup really worth it? It might be for you, but really, is it doing what you think it is doing? The same process works if you turn off your modem while staying connected to your router. You can start the PIA process, but nothing will happen until you have a path to PIA. That path will only start when the modem is turned on and the modem and ISP have negotiated the link.
I am not saying this to upset you. Just trying to get a logical process understood: it does not take long for a few bytes of data to transfer even before the PIA process starts.
- Configure Windows to automatically login with non-admin account on bootup.
- Set a static IP and static DNS for the physical adapter. Leave the default gateway value empty.
- Set PIA to start on login
- Set PIA to automatically connect on startup
- Enable PIA kill switch
Works perfectly. I rebooted the test system 5 times, verifying that there was no Internet access before PIA started, and none after the VPN connection was terminated. Also made sure that no settings were lost during reboots.
Testing was done with:
- Windows 10 Professional installed on a VMware guest on an ESXi 6.5 host.
- PIA for Windows. I don't see a version number anywhere in the app, but I installed it in the last month, so probably 7.5.
I want to note that in this test configuration, your local DNS still works if you have one. In that case a DNS leak is possible. For example, I have Pi-hole and Unbound DNS running on my local network, so I can still resolve Internet sites like "www.amd.com" to an IP address even though I cannot connect to them directly. What you can do is not use your ISP's DNS servers; use public DNS (Google 8.8.4.4, 8.8.8.8) instead. Your ISP would have to be sniffing your network packets for DNS requests to spy on what sites you are interested in.
I could not test for DNS leaks since the test system did not have access to Internet leak test sites, and the LOE to do it otherwise was out of scope (i.e. I'm too lazy to do it).
I hope that this helps someone. Feel free to do further testing and add your experience / insights to this thread.
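The "static IP, no default gateway" setup from the post above, checked from PowerShell: this is an added example, not code from the thread. The adapter name "Ethernet0" and the DNS server list are assumptions to replace with your own values.

```powershell
# Added check (not from the thread): verify the physical adapter matches the
# "static IP, no default gateway" steps. Names and DNS list are assumptions.
param(
    [string]   $PhysicalAdapter = "Ethernet0",            # assumed NIC name
    [string[]] $ExpectedDns     = @("8.8.8.8", "8.8.4.4")  # assumed chosen DNS
)
$ifIndex = (Get-NetAdapter -Name $PhysicalAdapter -ErrorAction Stop).ifIndex
$ok = $true

# 1. No IPv4/IPv6 default route may sit on the physical adapter; with one
#    present, packets can leave before PIA's own kill switch is running.
$defaultRoutes = Get-NetRoute -InterfaceIndex $ifIndex -ErrorAction SilentlyContinue |
    Where-Object { $_.DestinationPrefix -in @("0.0.0.0/0", "::/0") }
if ($defaultRoutes) {
    $ok = $false
    Write-Warning "Default route present on $PhysicalAdapter"
    $defaultRoutes | Format-Table ifIndex, DestinationPrefix, NextHop, RouteMetric
}

# 2. Addressing must be static: a DHCP lease would hand a gateway back.
foreach ($family in "IPv4", "IPv6") {
    $ipIf = Get-NetIPInterface -InterfaceIndex $ifIndex -AddressFamily $family -ErrorAction SilentlyContinue
    if ($ipIf -and $ipIf.Dhcp -eq "Enabled") {
        $ok = $false
        Write-Warning "DHCP is enabled for $family on $PhysicalAdapter"
    }
}

# 3. DNS servers should be exactly the ones you chose, because local DNS
#    still resolves in this setup (the DNS leak noted above).
$dns = (Get-DnsClientServerAddress -InterfaceIndex $ifIndex -AddressFamily IPv4).ServerAddresses
$unexpected = @($dns | Where-Object { $_ -notin $ExpectedDns })
if ($unexpected.Count -gt 0) {
    $ok = $false
    Write-Warning ("Unexpected DNS servers on {0}: {1}" -f $PhysicalAdapter, ($unexpected -join ", "))
}

# 4. Show which adapter owns the best IPv4 default route right now: it should
#    be the PIA adapter while connected, and none at all before PIA starts.
$best = Get-NetRoute -DestinationPrefix "0.0.0.0/0" -ErrorAction SilentlyContinue |
    Sort-Object RouteMetric | Select-Object -First 1
if ($best) {
    Write-Host "IPv4 default route via: $((Get-NetAdapter -InterfaceIndex $best.ifIndex).Name)"
} else {
    Write-Host "No IPv4 default route: nothing reaches the Internet right now"
}

if ($ok) { Write-Host "Physical adapter configuration looks right" } else { exit 1 }
```

Run it once before PIA has started (expect no default route) and once while connected (expect the route to sit on the PIA adapter).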
This didn't seem to be a problem with older versions. So what changed? And can these new versions be changed back? This problem makes this service practically unusable for me now.