How to block ALL outgoing Internet traffic when my VPN connection goes down? (unmaintained firewall software)

IMPORTANT: The Sygate firewall has only been tested on Windows XP, though it should work with all 32-bit Windows operating systems.

You will first need to install the Sygate Firewall. You can get a free version of the personal firewall from this link.

  1. Install with the typical installation settings, then restart your computer on completion.
  2. Go to Start Menu > Programs > Sygate Firewall > Sygate Personal Firewall

  3. Once you're on the console, click on Tools from the top menu and click on Advanced Rules, then click OK on the warning prompt.

  4. Now you will have to specify a few rules, which are as follows:

(4.1) First Rule: You will need to block all the traffic that goes through your main connection (ISP or your wireless router connection). To do this:

    • Click on Add, then in the rule description specify Block All Traffic
    • Select the action 'block this traffic', which should be selected by default
    • Select your main connection's interface card from the drop-down menu: if you're using wireless, select the wireless adapter; in the case of LAN, select LAN
    • Click OK

(4.2) Second Rule: Since you have already blocked all the traffic, you won't be able to connect to the VPN without opening the VPN ports, so you need to open them first.

Open Ports for OpenVPN: If you're using OpenVPN, then you will need to add UDP port 1194 to allow the VPN to connect with the VPN servers. To do this:

    • Click on Add again
    • In the rule description, specify allow OpenVPN port
    • Select the option 'allow this traffic'
    • Now click on the Ports & protocol tab, select UDP as the protocol, and specify port 1194 in the remote port option

Open Ports for PPTP: If you're using PPTP, you will have to set up 2 rules: one for PPTP port 1723 and a second for GRE (IP protocol 47), since PPTP uses GRE for IP encapsulation.

    • Add a new rule with the description allow PPTP.
    • Select the action 'allow this traffic'.
    • Go to the Ports & protocol tab, select protocol type TCP and specify 1723 in the remote port, leaving all other options at their defaults.
    • Click OK.
    • Add another rule, the same as above, for GRE. The only option you need to change here is the protocol type, which is IP type; select GRE(47) from the other drop-down menu. The rest is the same.

(4.3) Third Rule: This is to allow all traffic which is going through VPN. To do this,

    • Click add, in description put 'allow VPN traffic'.
    • Select action 'allow this traffic'.
    • Select the network interface card: if you're using PPTP, select the TUVPN interface adapter; in the case of OpenVPN, select the TAP-32 adapter.
    • Click OK and exit the Advanced Rules settings.

After this, only VPN traffic should be able to leave your computer!
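
The rule set from step 4, modelled as a first-match packet filter so you can check what still leaves the machine when the tunnel is down. This is an added example, not part of the original FAQ and not Sygate's own engine; the adapter labels and the ordering of the allow rules above the block rule are assumptions.

```python
# Added illustration: a first-match model of the step 4 rules (not Sygate's engine).
from dataclasses import dataclass
from typing import Optional

PHYSICAL, VPN = "physical", "vpn"   # hypothetical adapter labels

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    iface: Optional[str] = None      # None matches any adapter
    proto: Optional[str] = None      # "udp", "tcp", "gre"; None matches any
    rport: Optional[int] = None      # remote port; None matches any

    def matches(self, iface, proto, rport):
        return (self.iface in (None, iface)
                and self.proto in (None, proto)
                and self.rport in (None, rport))

# Assumption: allow rules sit above the block rule and the first match wins.
RULES = [
    Rule("allow OpenVPN port", "allow", proto="udp", rport=1194),
    Rule("allow PPTP", "allow", proto="tcp", rport=1723),
    Rule("allow GRE", "allow", proto="gre"),
    Rule("allow VPN traffic", "allow", iface=VPN),
    Rule("Block All Traffic", "block", iface=PHYSICAL),
]

def decide(iface, proto, rport=None, rules=RULES):
    """Return (action, rule name) for an outgoing packet; first match wins."""
    for rule in rules:
        if rule.matches(iface, proto, rport):
            return rule.action, rule.name
    return "no-match", None

def leaks_when_vpn_down(packets):
    """With the tunnel down only the physical adapter carries traffic: list what still leaves."""
    return [p for p in packets if p[0] == PHYSICAL and decide(*p)[0] == "allow"]

SAMPLE = [  # constructed sample traffic: (adapter, protocol, remote port)
    (PHYSICAL, "tcp", 443),   # browser
    (PHYSICAL, "udp", 53),    # DNS lookup
    (PHYSICAL, "udp", 1194),  # OpenVPN handshake, or anything else sent to UDP 1194
    (PHYSICAL, "tcp", 1723),  # PPTP control channel
    (PHYSICAL, "gre", None),  # PPTP data
]

if __name__ == "__main__":
    for pkt in SAMPLE + [(VPN, "tcp", 443)]:
        print(pkt, "->", decide(*pkt))
```

In this model a DNS lookup on the physical adapter is blocked while the tunnel is down, and the port rules match any remote host because the steps above set only a protocol and a remote port.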
