TU VPN

Perma-Link

NOTE: This FAQ has been prepared to instruct you on how to make sure that traffic from specific applications does not leave your computer if the VPN connection goes down. We have a previous FAQ where we show how to block ALL outgoing traffic in case the VPN goes down. That FAQ is based on Sysgate firewall that is unmaintained. So, we have put up this new FAQ where we use an up-to-date firewall (Comodo) but with the limitation of just being able to block certain defined applications.
 

INSTALLATION

Install the Comodo Firewall software. You can access the download from this link,

http://personalfirewall.comodo.com/free-download.html


Adding TUVPN IPs as a 'Zone'

1. Go to the firewall tab → "Advanced" → "Network Security Policy"
2. Change the tab to "My Network Zones"
3. Click on "Add" → "A New Network Zone" → Name it as "TUVPN"
4. Right click on the newly created zone "TUVPN" → select "Add"
5. Select Option "An IP address Mask" → specify "10.0.0.0" / "255.0.0.0"
6. Click Apply → Click Ok

Adding rules to allow TUVPN connection and block certain applications

1. Go to the firewall tab → "Advanced" → "Network Security Policy"
2. Click "Add" under "Application Rules tab"
3. Browse an "Application" of which you want to restrict access over TUVPN only
4. Select "Use a custom Policy"
5. Click "Add"
6. Now we have to define 3 Rules. The order of the rules is important, so make sure to define the rules in the following order:
   • 1st rule:
     1. Select, Action: Allow , Protocol: IP , Direction: In
     2. Source Address tab → select "Any"
     3. Destination Address tab → select Zone → select “TUVPN” from drop down 
     4. Click Apply
   • 2nd Rule:
     1. Select, Action: Allow , Protocol: IP , Direction: In
     2. Source Address tab → select Zone → select “TUVPN” from drop down 
     3. Destination Address tab → select "Any"
     4. Click Apply
   • 3rd Rule:
     1. Select, Action: Block , Protocol: IP,  Direction: In/Out
     2. Click Apply

 Note: These are basic rules to allow certain applications access over a VPN connection. You can tighten up the settings and limit those rules to specific ports/protocols by changing Protocol.

You will have to define the above three rules for every Application you want to run over the TUVPN connection.