Firewall Killswitch Windows 10

FirewallKSHelpFirewallKSHelp
edited July 2016 in Windows VPN Setup
Can someone please tell me how to set up a Firewall kill switch with Windows 10 using the OpenVPN program. I want to set up the firewall kill switch, because have heard the that method that comes with the PIA application is known to leak packets. I also just want to use the open source program from OpenVPN.

So does anyone have an updated guide on how to set up a fire wall kill switch on win10? I tried a few that were on Google for other providers using the Tap drivers mac address and it would just block all my traffic and even my VPN connection wouldn't work. It would also be helpful if someone could tell me what ports are allowed with PIA? I tried changing the port to 22 in the OpenVPN config file, but it wouldn't even connect to type in my password.

Comments

  • BonkersBonkers
    Where did you read it leaks packets?   I haven't read this.

    I used to have the windows firewall setup to stop all non-vpn traffic, but it got to be a total pain in the butt.  Anytime anything went wrong it took ages to get it working again.  I'm sure there's an easier way...
  • moshbeastmoshbeast
    Exactly..I've searched everywhere, including this forum, and I can't find one article or post that mentions PIA's killswitch leaking packets...either I missed some big news somewhere, this person's got their wires crossed, or it's more fearmongering we've seen a lot of on here lately ( random people making bold unverified security issue type claims, and when called out, never responding, seemingly trying to scare people for some reasom, maybe to another VPN )...back up that claim please, I wanna read it
  • FirewallKSHelpFirewallKSHelp
    moshbeast said:
    Exactly..I've searched everywhere, including this forum, and I can't find one article or post that mentions PIA's killswitch leaking packets...either I missed some big news somewhere, this person's got their wires crossed, or it's more fearmongering we've seen a lot of on here lately ( random people making bold unverified security issue type claims, and when called out, never responding, seemingly trying to scare people for some reasom, maybe to another VPN )...back up that claim please, I wanna read it
    Just because you didn't see it doesn't mean it's not true. The kill switch doesn't always work and sometimes when you disconnect from it, it will go to your home connection, leaking packets. I have seen it happen many times to myself, I pretty much have to close all my important programs first before disconnecting for the VPN, to make sure the kill switch actually works. I also find myself connecting and then disconnecting and checking if my internet is actually blocked, because the kill switch just doesn't like to always work. Both IPv6 and IPv4 are known to leak from their client at times.

    https://www.reddit.com/r/VPN/comments/4oeqbi/only_nine_of_the_29_windows_vpn_clients_that_i/

    I really don't know what this has to do with helping me set up a firewall kill switch. I'm not here to expose PIA, because it's already well known they have a lot of issues with their client. I like PIA and just want to use the OpenVPN program instead with the firewall rules. I just can't get it working properly.
  • CJJacobsCJJacobs
    FirewallKSHelp said:
    moshbeast said:
    Exactly..I've searched everywhere, including this forum, and I can't find one article or post that mentions PIA's killswitch leaking packets...either I missed some big news somewhere, this person's got their wires crossed, or it's more fearmongering we've seen a lot of on here lately ( random people making bold unverified security issue type claims, and when called out, never responding, seemingly trying to scare people for some reasom, maybe to another VPN )...back up that claim please, I wanna read it
    Just because you didn't see it doesn't mean it's not true. The kill switch doesn't always work and sometimes when you disconnect from it, it will go to your home connection, leaking packets. I have seen it happen many times to myself, I pretty much have to close all my important programs first before disconnecting for the VPN, to make sure the kill switch actually works. I also find myself connecting and then disconnecting and checking if my internet is actually blocked, because the kill switch just doesn't like to always work. Both IPv6 and IPv4 are known to leak from their client at times.

    https://www.reddit.com/r/VPN/comments/4oeqbi/only_nine_of_the_29_windows_vpn_clients_that_i/

    I really don't know what this has to do with helping me set up a firewall kill switch. I'm not here to expose PIA, because it's already well known they have a lot of issues with their client. I like PIA and just want to use the OpenVPN program instead with the firewall rules. I just can't get it working properly.
    I can tell you exactly what it has to do with helping you set up a firewall kill switch.... You made a statement about a fundamental function of the VPN service thus causing another member to say that they have never heard of such a thing happening. The individual was simply asking where you heard this info. It was a legitimate question. The link you provided actually provides no useful info at all since all it does is demonstrate something that's already known which is Windows will still make IPv6 connections unless you set PIA to disable IPv6. And even then, you need to insure that Windows respects that request. There are ways but I digress. There are many tutorials online with ways to do that which you seek. A quick Google search turned up dozens. The thing is, each varies based on what firewall program you're using, etc., etc. Here are the results; firewall killswitch
  • FirewallKSHelpFirewallKSHelp
    edited July 2016
    CJJacobs said:
    FirewallKSHelp said:
    moshbeast said:
    Exactly..I've searched everywhere, including this forum, and I can't find one article or post that mentions PIA's killswitch leaking packets...either I missed some big news somewhere, this person's got their wires crossed, or it's more fearmongering we've seen a lot of on here lately ( random people making bold unverified security issue type claims, and when called out, never responding, seemingly trying to scare people for some reasom, maybe to another VPN )...back up that claim please, I wanna read it
    Just because you didn't see it doesn't mean it's not true. The kill switch doesn't always work and sometimes when you disconnect from it, it will go to your home connection, leaking packets. I have seen it happen many times to myself, I pretty much have to close all my important programs first before disconnecting for the VPN, to make sure the kill switch actually works. I also find myself connecting and then disconnecting and checking if my internet is actually blocked, because the kill switch just doesn't like to always work. Both IPv6 and IPv4 are known to leak from their client at times.

    https://www.reddit.com/r/VPN/comments/4oeqbi/only_nine_of_the_29_windows_vpn_clients_that_i/

    I really don't know what this has to do with helping me set up a firewall kill switch. I'm not here to expose PIA, because it's already well known they have a lot of issues with their client. I like PIA and just want to use the OpenVPN program instead with the firewall rules. I just can't get it working properly.
    I can tell you exactly what it has to do with helping you set up a firewall kill switch.... You made a statement about a fundamental function of the VPN service thus causing another member to say that they have never heard of such a thing happening. The individual was simply asking where you heard this info. It was a legitimate question. The link you provided actually provides no useful info at all since all it does is demonstrate something that's already known which is Windows will still make IPv6 connections unless you set PIA to disable IPv6. And even then, you need to insure that Windows respects that request. There are ways but I digress. There are many tutorials online with ways to do that which you seek. A quick Google search turned up dozens. The thing is, each varies based on what firewall program you're using, etc., etc. Here are the results; firewall killswitch
    If you actually read the link that i provided, the guy who ran the tests, said that IPv4 leaks as well sometimes during reconnects. That has nothing to do with disabling IPv6. The links on Google are all for other providers. PIA should give people information for setting it up with them. Since most of the links on Google require ip ranges from the provider.
  • OmniNegroOmniNegro

    FirewallKSHelp said:
    CJJacobs said:
    FirewallKSHelp said:
    moshbeast said:
    Exactly..I've searched everywhere, including this forum, and I can't find one article or post that mentions PIA's killswitch leaking packets...either I missed some big news somewhere, this person's got their wires crossed, or it's more fearmongering we've seen a lot of on here lately ( random people making bold unverified security issue type claims, and when called out, never responding, seemingly trying to scare people for some reasom, maybe to another VPN )...back up that claim please, I wanna read it
    Just because you didn't see it doesn't mean it's not true. The kill switch doesn't always work and sometimes when you disconnect from it, it will go to your home connection, leaking packets. I have seen it happen many times to myself, I pretty much have to close all my important programs first before disconnecting for the VPN, to make sure the kill switch actually works. I also find myself connecting and then disconnecting and checking if my internet is actually blocked, because the kill switch just doesn't like to always work. Both IPv6 and IPv4 are known to leak from their client at times.

    https://www.reddit.com/r/VPN/comments/4oeqbi/only_nine_of_the_29_windows_vpn_clients_that_i/

    I really don't know what this has to do with helping me set up a firewall kill switch. I'm not here to expose PIA, because it's already well known they have a lot of issues with their client. I like PIA and just want to use the OpenVPN program instead with the firewall rules. I just can't get it working properly.
    I can tell you exactly what it has to do with helping you set up a firewall kill switch.... You made a statement about a fundamental function of the VPN service thus causing another member to say that they have never heard of such a thing happening. The individual was simply asking where you heard this info. It was a legitimate question. The link you provided actually provides no useful info at all since all it does is demonstrate something that's already known which is Windows will still make IPv6 connections unless you set PIA to disable IPv6. And even then, you need to insure that Windows respects that request. There are ways but I digress. There are many tutorials online with ways to do that which you seek. A quick Google search turned up dozens. The thing is, each varies based on what firewall program you're using, etc., etc. Here are the results; firewall killswitch
    If you actually read the link that i provided, the guy who ran the tests, said that IPv4 leaks as well sometimes during reconnects. That has nothing to do with disabling IPv6. The links on Google are all for other providers. PIA should give people information for setting it up with them. Since most of the links on Google require ip ranges from the provider.
    This has everything to do with IPv6. The VPN is IPv4 only. Disable IPv6 is an option in the official client.
  • FirewallKSHelpFirewallKSHelp
    edited July 2016
    OmniNegro said:

    FirewallKSHelp said:
    CJJacobs said:
    FirewallKSHelp said:
    moshbeast said:
    Exactly..I've searched everywhere, including this forum, and I can't find one article or post that mentions PIA's killswitch leaking packets...either I missed some big news somewhere, this person's got their wires crossed, or it's more fearmongering we've seen a lot of on here lately ( random people making bold unverified security issue type claims, and when called out, never responding, seemingly trying to scare people for some reasom, maybe to another VPN )...back up that claim please, I wanna read it
    Just because you didn't see it doesn't mean it's not true. The kill switch doesn't always work and sometimes when you disconnect from it, it will go to your home connection, leaking packets. I have seen it happen many times to myself, I pretty much have to close all my important programs first before disconnecting for the VPN, to make sure the kill switch actually works. I also find myself connecting and then disconnecting and checking if my internet is actually blocked, because the kill switch just doesn't like to always work. Both IPv6 and IPv4 are known to leak from their client at times.

    https://www.reddit.com/r/VPN/comments/4oeqbi/only_nine_of_the_29_windows_vpn_clients_that_i/

    I really don't know what this has to do with helping me set up a firewall kill switch. I'm not here to expose PIA, because it's already well known they have a lot of issues with their client. I like PIA and just want to use the OpenVPN program instead with the firewall rules. I just can't get it working properly.
    I can tell you exactly what it has to do with helping you set up a firewall kill switch.... You made a statement about a fundamental function of the VPN service thus causing another member to say that they have never heard of such a thing happening. The individual was simply asking where you heard this info. It was a legitimate question. The link you provided actually provides no useful info at all since all it does is demonstrate something that's already known which is Windows will still make IPv6 connections unless you set PIA to disable IPv6. And even then, you need to insure that Windows respects that request. There are ways but I digress. There are many tutorials online with ways to do that which you seek. A quick Google search turned up dozens. The thing is, each varies based on what firewall program you're using, etc., etc. Here are the results; firewall killswitch
    If you actually read the link that i provided, the guy who ran the tests, said that IPv4 leaks as well sometimes during reconnects. That has nothing to do with disabling IPv6. The links on Google are all for other providers. PIA should give people information for setting it up with them. Since most of the links on Google require ip ranges from the provider.
    This has everything to do with IPv6. The VPN is IPv4 only. Disable IPv6 is an option in the official client.
    Do you not know how to read? I just said the guy who ran the tests said that IPv4 leaks as well on reconnects and said that you should set up a firewall as a fail safe, because the kill switch doesn't always properly work. I've used PIA for quite some time and have seen the kill switch fail on me as well.
  • OmniNegroOmniNegro
    FirewallKSHelp said:
    OmniNegro said:

    FirewallKSHelp said:
    CJJacobs said:
    FirewallKSHelp said:
    moshbeast said:
    Exactly..I've searched everywhere, including this forum, and I can't find one article or post that mentions PIA's killswitch leaking packets...either I missed some big news somewhere, this person's got their wires crossed, or it's more fearmongering we've seen a lot of on here lately ( random people making bold unverified security issue type claims, and when called out, never responding, seemingly trying to scare people for some reasom, maybe to another VPN )...back up that claim please, I wanna read it
    Just because you didn't see it doesn't mean it's not true. The kill switch doesn't always work and sometimes when you disconnect from it, it will go to your home connection, leaking packets. I have seen it happen many times to myself, I pretty much have to close all my important programs first before disconnecting for the VPN, to make sure the kill switch actually works. I also find myself connecting and then disconnecting and checking if my internet is actually blocked, because the kill switch just doesn't like to always work. Both IPv6 and IPv4 are known to leak from their client at times.

    https://www.reddit.com/r/VPN/comments/4oeqbi/only_nine_of_the_29_windows_vpn_clients_that_i/

    I really don't know what this has to do with helping me set up a firewall kill switch. I'm not here to expose PIA, because it's already well known they have a lot of issues with their client. I like PIA and just want to use the OpenVPN program instead with the firewall rules. I just can't get it working properly.
    I can tell you exactly what it has to do with helping you set up a firewall kill switch.... You made a statement about a fundamental function of the VPN service thus causing another member to say that they have never heard of such a thing happening. The individual was simply asking where you heard this info. It was a legitimate question. The link you provided actually provides no useful info at all since all it does is demonstrate something that's already known which is Windows will still make IPv6 connections unless you set PIA to disable IPv6. And even then, you need to insure that Windows respects that request. There are ways but I digress. There are many tutorials online with ways to do that which you seek. A quick Google search turned up dozens. The thing is, each varies based on what firewall program you're using, etc., etc. Here are the results; firewall killswitch
    If you actually read the link that i provided, the guy who ran the tests, said that IPv4 leaks as well sometimes during reconnects. That has nothing to do with disabling IPv6. The links on Google are all for other providers. PIA should give people information for setting it up with them. Since most of the links on Google require ip ranges from the provider.
    This has everything to do with IPv6. The VPN is IPv4 only. Disable IPv6 is an option in the official client.
    Do you not know how to read? I just said the guy who ran the tests said that IPv4 leaks as well on reconnects and said that you should set up a firewall as a fail safe, because the kill switch doesn't always properly work. I've used PIA for quite some time and have seen the kill switch fail on me as well.
    Do you know how to write? "That has nothing to do with disabling IPv6." <--- Exact quote.
  • FirewallKSHelpFirewallKSHelp
    edited July 2016
    OmniNegro said:
    FirewallKSHelp said:
    OmniNegro said:

    FirewallKSHelp said:
    CJJacobs said:
    FirewallKSHelp said:
    moshbeast said:
    Exactly..I've searched everywhere, including this forum, and I can't find one article or post that mentions PIA's killswitch leaking packets...either I missed some big news somewhere, this person's got their wires crossed, or it's more fearmongering we've seen a lot of on here lately ( random people making bold unverified security issue type claims, and when called out, never responding, seemingly trying to scare people for some reasom, maybe to another VPN )...back up that claim please, I wanna read it
    Just because you didn't see it doesn't mean it's not true. The kill switch doesn't always work and sometimes when you disconnect from it, it will go to your home connection, leaking packets. I have seen it happen many times to myself, I pretty much have to close all my important programs first before disconnecting for the VPN, to make sure the kill switch actually works. I also find myself connecting and then disconnecting and checking if my internet is actually blocked, because the kill switch just doesn't like to always work. Both IPv6 and IPv4 are known to leak from their client at times.

    https://www.reddit.com/r/VPN/comments/4oeqbi/only_nine_of_the_29_windows_vpn_clients_that_i/

    I really don't know what this has to do with helping me set up a firewall kill switch. I'm not here to expose PIA, because it's already well known they have a lot of issues with their client. I like PIA and just want to use the OpenVPN program instead with the firewall rules. I just can't get it working properly.
    I can tell you exactly what it has to do with helping you set up a firewall kill switch.... You made a statement about a fundamental function of the VPN service thus causing another member to say that they have never heard of such a thing happening. The individual was simply asking where you heard this info. It was a legitimate question. The link you provided actually provides no useful info at all since all it does is demonstrate something that's already known which is Windows will still make IPv6 connections unless you set PIA to disable IPv6. And even then, you need to insure that Windows respects that request. There are ways but I digress. There are many tutorials online with ways to do that which you seek. A quick Google search turned up dozens. The thing is, each varies based on what firewall program you're using, etc., etc. Here are the results; firewall killswitch
    If you actually read the link that i provided, the guy who ran the tests, said that IPv4 leaks as well sometimes during reconnects. That has nothing to do with disabling IPv6. The links on Google are all for other providers. PIA should give people information for setting it up with them. Since most of the links on Google require ip ranges from the provider.
    This has everything to do with IPv6. The VPN is IPv4 only. Disable IPv6 is an option in the official client.
    Do you not know how to read? I just said the guy who ran the tests said that IPv4 leaks as well on reconnects and said that you should set up a firewall as a fail safe, because the kill switch doesn't always properly work. I've used PIA for quite some time and have seen the kill switch fail on me as well.
    Do you know how to write? "That has nothing to do with disabling IPv6." <--- Exact quote.
    If you actually learned how to read, you would have seen that i was referring to "If you actually read the link that i provided, the guy who ran the tests, said that IPv4 leaks as well sometimes during reconnects"

    I was referring to that when i said "That has nothing to do with disabling IPv6" as it doesn't. The fact is that IPv4 does leak using the program and it has happened to me. If you don't run the program a certain way each time and triple check each time you connect, packets will leak.
  • OmniNegroOmniNegro
    I have a great idea. Why not ignore anything that does not confirm your opinions and insult everyone. Good idea. Have a nice life.
  • FirewallKSHelpFirewallKSHelp
    OmniNegro said:
    I have a great idea. Why not ignore anything that does not confirm your opinions and insult everyone. Good idea. Have a nice life.
    Kind of like what you did, you fucking hypocrite. I'm pointing out facts that have proof to back them up. You're just defending a program based on the fact that PIA made it. The fact of the matter is that the kill switch in the PIA program is buggy at times and sometimes leaks IPv4, that is correct. IPV4, not only IPV6. This is a fact. If you don't like it and can't see the truth, you don't belong on these forums, because you're just a blind sheep who follows with out asking questions. I simply wanted an updated guide on setting up a firewall for PIA and it turned into people acting like they know everything. I don't even hate PIA. I've used them for over 3 years. I'm just getting sick of how buggy their kill switch is in windows 10 and wanted to go to a more secure method. You can have a good life as well, keep blindly following everything with out asking questions or researching.
  • crapecrape
    edited August 2016
    fwiw

    after several notices from my internet provider recently (never got them before), i started using PIA and it works great!

    but when i tested the PIA kill switch option (which some on reddit and elsewhere had reported did not work consistently), i found that it would work after initial startup - but that if you exited PIA and restarted it, it would not maintain the correct killswitch settings, requiring the settings to be newly set up again after each PIA restart - and if i did not reset the killswitch option, i would no longer have killswitch protection

    interacting with PIA's tech support on the issue, they gave me the template of a working killswitch json script file (which input into my specific network settings) -

    here is the syntax in the json file (titled "killswitch_state.json" and found in the PIA data directory) for the killswitch to be correctly enabled - correct json file syntax:

    {"killswitch":true,"saved_default_gateway":"192.168.1.1","saved_openvpn_gateway":null,"standard_route_removed":true,"watching_standard_route":true}

    note that it is specific to my default gateway IP address, which for me is 192.168.1.1 - if you have a different default gateway IP, you should edit that address into the syntax

    but each time after i run and exit PIA, the syntax of the "killswitch_state.json" file is changed by PIA (i suspect to allow you normal non-VPN / non-kill-switched access to the internet) to the following - (reverted by PIA and incorrect killswith json file syntax):

    {"killswitch":true,"saved_default_gateway":null,"saved_openvpn_gateway":null,"standard_route_removed":null,"watching_standard_route":false}


    now, when you then restart PIA, with this above changed syntax in your killswitch file, you will NOT be killswitch protected (as the killswitch option is intended to do)

    that is, unless you FIRST change the file back from the second syntax to the first

    to do that more easily, i keep a backup copy of the correct "killswitch_state.json" file, which i drag and drop into a shortcut into my PIA data directory

    when i do this, it asks me if i want to overwrite the existing file (which is 139 bytes) with my saved (correct) file (which is 147 bytes), and is older, or course


    so if you copy the syntax of the correct killswitch json into a text file and save it, but then rename the entire file name to be "killswitch_state.json", you will have the correct json to copy back into the PIA data folder after each PIA shut down, so that the next time you start it, the killswitch option is correctly enabled

    so that after each exit of PIA, i simply copy the correct json script back into the pia data directory, overwriting the json which has changed after each PIA exit (and it changes 100% of the time for me on exit, such that the killswitch did not work after exit and restart)

    everyone who uses PIA on Windows (and maybe other OSes as well, but i don't know) will very likely have this occur, such that this fix should always work


    ~~~~~~~~~~

    but i also had another problem that others may not have - i have assigned the devices on my network to a static IP address - and i also found that on each exit, PIA will change my IP address (i use only IPv4 on win7) from the static address that i previously set, to be an automatically assigned IP address - this knocks out my router's port forwarding for certain programs on certain computers - and it also resets my static DNS server (i use google DNS) back to automatic DNS IP as well - i found that i could not easily connect to the internet with all programs that do so

    so i wrote a batch file (which i titled "reset.bat") that changes the network settings back, that i also run after each PIA shutdown

    here is the 3 lines of syntax of that batch file:

    netsh interface ip set address name="Local Area Connection" static 192.168.1.224 255.255.255.0 192.168.1.1
    netsh interface ipv4 set dns "Local Area Connection" static 8.8.8.8
    netsh interface ipv4 add dns "Local Area Connection" 8.8.4.4 index=2


    ~~~~~~~~~~~~~~


    so to recap, on each exit of PIA (since i don't need or want PIA running 24/7), i now do two simple things:

    - i drag & drop copy (not move) the correct PIA killswitch json script file back into (a shortcut on my desktop to) PIA's data directory and click yes to confirm replace (overwrite)

    - then i run the network IP reset batch file

    and then all is good with PIA killswitch protection for each subsequent run!  (but only if done after EACH PIA exit)  

    test it out and see if this works for you

    for convenience, here are links to the two files i use (which need to be updated to your specific network settings)


    "killswitch_state.json"

    https://mega.nz/#!gJZnyYKQ!evn3MgbiL7a0GMpokQ880D1aYg4fWD-6sOTWehCbzBg

    network static IP and static dns  "reset.bat"
    https://mega.nz/#!IBQlSZTA!O5YteKoLHqzS5mgX0CLQ7ZpcjAjqAGnE_lwLbSGJKjw

    or else just copy the syntax given above into files that you can create yourself



     

Sign In or Register to comment.