Need some help setting up firewall rules for the OpenVPN client

edited November 8 in Windows VPN Setup Posts: 4
Hi All,

What inbound/outbound rules do I need?

My firewall blocks everything once I connect to VPN.

Comments

  • Posts: 456
    I personally use COMODO firewall. I have two rules that I have made for my VPN activity.

    The first rule blocks my Torrent Application if the VPN is not active. When the VPN becomes active, the Torrent Application will make connections to the proxy server. If for any reason the VPN drops, the Torrent Application immediately stops.

    The second rule is for my Outlook Email Client. This rule allows the OEC to operate as long as the VPN is not active. Once the VPN becomes active, the OEC stops checking for emails. I do this because several times I forgot to close my email, and if I am on a server in Japan, the email client tries to connect to Gmail. I then get a "someone is using your email" message and they lock my account. So as soon as I activate the VPN, the email stops checking for new mail.

    As for your Firewall, I cannot say. But probably you would have to have an exception for the URL or IP address of the server you are connecting to. Maybe set up a rule that will work with your TAP adapter. But I am not sure why your firewall would stop your VPN traffic. My Windows firewall was too dumb to know it was on VPN and just kept working.
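    One way to express the "application only while the VPN is up" idea from this reply with the built-in Windows Firewall (added example, not code from the thread or from PIA): deny outbound by default, allow openvpn.exe to reach the VPN server on the physical adapter, and allow the protected program only on the TAP adapter. The adapter aliases, program paths, server address and port below are placeholders taken from nothing on this page; replace them with the values from your own .ovpn file and Get-NetAdapter.

```powershell
# Added example (not from the thread): a "VPN-only" outbound policy with Windows Firewall.
# Outbound is denied by default; OpenVPN may reach the VPN server over the physical
# adapter, and the protected application may only talk over the TAP adapter.
# Adapter names, paths, server address and port are assumptions: adjust them.
$Tap       = 'TAP-Windows Adapter V9'      # Get-NetAdapter shows the real alias
$Phys      = 'Ethernet'                    # physical adapter alias (assumed)
$OpenVpn   = 'C:\Program Files\OpenVPN\bin\openvpn.exe'
$Torrent   = 'C:\Program Files\ExampleClient\client.exe'   # placeholder application
$VpnServer = '203.0.113.10'                # placeholder: IP of the server in your .ovpn
$VpnPort   = 1194                          # placeholder: port/proto from your .ovpn

# 1. Deny everything outbound unless a rule allows it (all three profiles).
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block

# 2. Let OpenVPN build the tunnel over the physical adapter, to the server only.
New-NetFirewallRule -DisplayName 'OpenVPN -> VPN server' -Direction Outbound `
    -Program $OpenVpn -InterfaceAlias $Phys -RemoteAddress $VpnServer `
    -Protocol UDP -RemotePort $VpnPort -Action Allow

# 3. DNS only through the tunnel (pairs with block-outside-dns in the client config).
New-NetFirewallRule -DisplayName 'DNS via TAP only' -Direction Outbound `
    -InterfaceAlias $Tap -Protocol UDP -RemotePort 53 -Action Allow

# 4. The application is allowed only on the TAP adapter. When the tunnel is down
#    that adapter carries nothing, and the default block stops the app everywhere else.
New-NetFirewallRule -DisplayName 'App via TAP only' -Direction Outbound `
    -Program $Torrent -InterfaceAlias $Tap -Action Allow

# 5. Keep LAN broadcasts such as NetBIOS name service (UDP/137) off the physical NIC.
New-NetFirewallRule -DisplayName 'Block NetBIOS-NS outside tunnel' -Direction Outbound `
    -InterfaceAlias $Phys -Protocol UDP -RemotePort 137 -Action Block

# Verify: show which interface each allow rule is bound to.
Get-NetFirewallRule -DisplayName 'App via TAP only','OpenVPN -> VPN server' |
    Get-NetFirewallInterfaceFilter | Select-Object InterfaceAlias
```

    Windows Firewall evaluates block rules before allow rules, so the default-deny plus narrow allows is what makes this a kill switch; it cannot express the reverse condition from the second rule (allow only while the VPN is down), which needs a script that toggles rules on the VPN connect/disconnect events.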
  • Thanks, I got it working now!

    I have a question though, is there a way to route all traffic through the VPN?
    In my firewall log for blocked outbound connections there are a few applications that don't seem to pass through the VPN tunnel and instead would reveal my real IP. The logs show my real IP as the source IP for these applications. They are blocked since I made sure to block applications trying to connect from my domain and private network.

  • edited November 10 Posts: 456
    To the best of my knowledge everything goes through the VPN. So unless the application has a way of sneaking past the TAP, then I would think that the application has the ISP IP address embedded somewhere in the code.

    Can you list the applications that are evading the VPN tunnel (if that is what they are doing)? If you go to ipleak.net do you see any other IP addresses except the PIA public IP and DNS?
  • edited November 10 Posts: 4
    Is it possible the applications can't find a way to the TAP and try to use the normal network interface?

    I'm not seeing any leaks; I also tried an application called Network Traffic View and all traffic seems to go to/from the VPN. An example of applications trying to evade the TAP is the "System" process and svchost.exe. "System" tries to reach the remote IP x.x.x.255 on port 137, where the x's are the same as my real IP. svchost.exe tries to reach 40.77.226.246, a Microsoft server, on port 443, and the process using it seems to be WpnService/netsvcs. I'm on Windows 10, by the way.

    I seem to be getting a lot of loopback from the DNS service, I'm guessing that's because of the "block-outside-dns" in my config?

    Could I do something like what's suggested here on routing?
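    The check this post is doing by hand, as an added example (not code from the thread): read the Windows Firewall log (pfirewall.log, whose field order is fixed by its #Fields header) and list dropped outbound entries whose source address is not the TAP adapter's address, i.e. traffic that tried to leave outside the tunnel. The TAP alias is an assumption, and the sample lines are constructed to mirror the two cases in the post (UDP/137 to the LAN broadcast address and TCP/443 to a Microsoft address); pfirewall.log does not record the owning process, so that part still needs a tool like the one named above.

```powershell
# Added example (not from the thread): flag DROP entries in the Windows Firewall log
# whose source is not the VPN (TAP) address, i.e. traffic that bypassed the tunnel.
# The TAP alias is assumed; the sample lines below are constructed for illustration.
$LogPath  = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
$VpnAlias = 'TAP-Windows Adapter V9'      # check Get-NetAdapter for the real alias

# Address currently assigned to the TAP adapter; any other src-ip left the tunnel.
$VpnIp = (Get-NetIPAddress -InterfaceAlias $VpnAlias -AddressFamily IPv4 `
          -ErrorAction SilentlyContinue).IPAddress

# Constructed sample in pfirewall.log format, used when the real log is not present.
$Sample = @(
  '2023-11-10 10:01:02 DROP UDP 192.168.1.23 192.168.1.255 137 137 78 - - - - - - - SEND',
  '2023-11-10 10:01:05 DROP TCP 192.168.1.23 40.77.226.246 51234 443 52 S 1234 0 64240 - - - SEND',
  '2023-11-10 10:01:07 ALLOW UDP 10.8.0.6 10.8.0.1 53000 53 60 - - - - - - - SEND'
)
$Lines = if (Test-Path $LogPath) { Get-Content $LogPath } else { $Sample }

$Leaks = foreach ($Line in $Lines) {
    if ([string]::IsNullOrWhiteSpace($Line) -or $Line.StartsWith('#')) { continue }
    $f = $Line -split '\s+'
    if ($f.Count -lt 17) { continue }
    # Fields: date time action protocol src-ip dst-ip src-port dst-port ... path
    if ($f[2] -ne 'DROP' -or $f[16] -ne 'SEND') { continue }
    if ($VpnIp -and ($VpnIp -contains $f[4])) { continue }   # left via the tunnel
    $Note = $(switch ($f[7]) {
        '137'   { 'NetBIOS name service to LAN broadcast; bind it to the physical NIC only' }
        '443'   { 'HTTPS outside the tunnel; identify the owning process' }
        default { 'outbound traffic not using the VPN adapter' }
    })
    [pscustomobject]@{
        Time    = "$($f[0]) $($f[1])"
        Proto   = $f[3]
        SrcIp   = $f[4]
        DstIp   = $f[5]
        DstPort = $f[7]
        Note    = $Note
    }
}
$Leaks | Sort-Object SrcIp, DstPort | Format-Table -AutoSize
```

    Logging of dropped packets must be enabled first (Set-NetFirewallProfile -LogBlocked True) or the log will contain only the header lines.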
  • edited November 10 Posts: 456
    I have done some creative routing myself so that I could talk to a modem. But nothing outside the sphere of the TAP. Let me see if maybe one of the techs can help. I would at this point open a ticket so that at least it is documented. https://helpdesk.privateinternetaccess.com/hc/en-us/requests/new?ticket_form_id=296428 Tech support will ask for that ticket number.

    @PIAColleen do you think you can help this customer? Thanks

    added - I don't know Colleen's schedule so she might be a little late getting here.

    @Support
