How to configure Windows Direct Access with PIA?
Windows versions marked as Ultimate, Enterprise, or Server (including Windows 10) have a service called Routing and Remote Access, or RRAS, which is a truly always-on tunneling service for connecting either to specific work server protocols or to VPN protocols. (Source)
I'm not a networking and VPN wizard. Can anyone explain how to connect PIA or OpenVPN through this RRAS service? Or if it's possible?
Why we need it:
RRAS does not allow any connections to be made outside the PC if they're not through the VPN. Whereas PIA's client is more of a user-triggered program, which turns on after login, and is by no means the first internet-connecting app to open up when you turn on your PC. Furthermore, the PIA app can die or be killed (thus circumventing the "killswitch"), whereas something like RRAS cannot.
[EDIT] Upon further research it seems that RRAS is for configuring a VPN on the server side, while I'm looking for something on the client side.
The client version is called Microsoft Direct Access, so I'm changing my question to how to configure Direct Access. (Source)
Comments
You may be able to follow our L2TP guide and then configure that VPN connection for always-on, but for the OpenVPN side of things the way I would approach the problem is a bit different. I would simply set up a Windows service that just runs OpenVPN as early as possible during the boot process to do the same thing.
Unfortunately I'm more of a Linux guy so maybe someone else will be able to help you better for the specifics.
What's the always-on situation like on Linux? Better? I'm thinking of running Windows as a VM inside a Linux host at some point.
Basically I was looking for a foolproof/crashproof/microsoftproof way to make sure my PC does not connect to the internet unless it's through PIA.
What I have now actually is a batch file in Windows that I run on Logoff using a group policy event (User Configuration > Windows Settings > "Scripts (Logon/Logoff)"). In this script I turn off all network adapters (except the PIA TAP one), so that next boot I can wait until the PIA app is finished loading up and then enable the network adapter after.
The problem is, Microsoft has the power to turn on all network adapters on system startup (before user log on) and connect to the internet if it so pleases (like it does for example after you upgrade to a new Windows OS milestone). So it's potentially insecure, especially if you have a laptop with a built-in wifi chip.
Also, if the PIA process dies (as I've caught it do a couple of times on my machine), then you connect to the unprotected internet.
One way to achieve this is to install the standard OpenVPN client. Then, much like how the Linux configuration is done, you can configure/run OpenVPN as a Windows Service (running on boot), thus achieving the result of having an "always-on" VPN solution.
https://openvpn.net/index.php/open-source/documentation/howto.html#startup
The excerpt you're looking for:
So basically, from the basic installation, so long as you choose to install the "Service" option of OpenVPN, this is achievable simply by putting the required OpenVPN configuration file into the specified directory.
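The service-based setup described in the comment above, written out as an added PowerShell example (not code from this thread, from PIA, or from the OpenVPN project). It assumes the service is named `OpenVPNService` and reads profiles from `C:\Program Files\OpenVPN\config`; the profile path and the `pia-auth.txt` credentials file are hypothetical names, so adjust all four to your install.

```powershell
#Requires -RunAsAdministrator
# Added example. Paths and the service name are assumptions; adjust to your install.
param(
    [string]$OvpnPath    = 'C:\Users\Public\pia.ovpn',        # constructed sample path
    [string]$ConfigDir   = 'C:\Program Files\OpenVPN\config', # assumed; some versions use config-auto
    [string]$ServiceName = 'OpenVPNService',                  # assumed service name
    [string]$AuthFile    = 'pia-auth.txt'                     # hypothetical: line 1 username, line 2 password
)
$ErrorActionPreference = 'Stop'

# Fail early if the "Service" component was not installed.
Get-Service -Name $ServiceName | Out-Null

$lines    = Get-Content -Path $OvpnPath
$authPath = Join-Path $ConfigDir $AuthFile

# A service starts before logon and cannot prompt, so a bare "auth-user-pass"
# must be pointed at a credentials file (OpenVPN wants doubled backslashes).
if ($lines -match '^\s*auth-user-pass\s*$') {
    if (-not (Test-Path $authPath)) { throw "Create $authPath first" }
    $directive = 'auth-user-pass "{0}"' -f $authPath.Replace('\', '\\')
    $lines = $lines -replace '^\s*auth-user-pass\s*$', $directive
    # Plaintext credentials: drop inherited ACLs, allow only SYSTEM and Administrators.
    icacls.exe $authPath /inheritance:r /grant:r '*S-1-5-18:R' '*S-1-5-32-544:F' | Out-Null
}

# Install the profile where the service looks for it.
$target = Join-Path $ConfigDir (Split-Path $OvpnPath -Leaf)
Set-Content -Path $target -Value $lines -Encoding Ascii

# Start at boot, and have the service manager restart the service if it dies.
Set-Service -Name $ServiceName -StartupType Automatic
sc.exe failure $ServiceName reset= 86400 actions= restart/5000 | Out-Null
Restart-Service -Name $ServiceName

Get-Service -Name $ServiceName | Format-List Name, Status, StartType
```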