openvpn
Nikita, 2021-02-13 04:55:27

Allow all traffic through VPN (tunnelbear, openvpn) on windows?

Hello. There is win 10, tunnelbear vpn (which works through openvpn). How can I send all traffic through it? Already rummaged through the entire Internet, did not find a working case for myself.

The task is not to skip packets if vpn is disabled.
What I've tried:
1) On the built-in firewall, I can't block all outbound traffic and make an exception for tunnelbear at the same time, so it does not work.
2) I tried to remove the route to the external interface (wifi). Everything is fine until the vpn breaks; when connecting, accordingly, it cannot connect, because there are no more routes for 0.0.0.0. If I return the old route to the wifi interface, then while the vpn connects there is a chance that packets not through the vpn will fly away in parallel.
If it was possible to screw something up here, it would be great, but I don’t really understand network chips, and Google didn’t suggest anything.
3) I tried to do a trick with the public/virtual network: if vpn is allowed in public and wifi in private, and all connections to private/domain are closed, everything should go only through Public, and there will only be vpn. In theory, everything is harmonious plus or minus, but in practice it is the same problem: the vpn does not want to connect, because it knocks on private, which is closed.

Tell me some options, hands are almost down :)


5 answer(s)
rPman, 2021-02-13
@Nigrimmist

There is a very 'beautiful' and simple solution to your problem, without vpn: remove the default gateway in the network settings (set it as static or specify the dhcp server for a specific machine in the settings), then specify the static route to the vpn server in a console running with administrator rights (you will have to register all the ip addresses that the vpn provider uses, there are several of them; find them out by contacting the provider statistics or collect them yourself):

route add VPN_server_IP_address MASK 255.255.255.255 your_Internet_gateway_IP_address -p

-p - this is so that when this route is rebooted,
now the only place where the machine can go is the vpn server, after connecting to which the gateway will be already this vpn and the entire Internet will go through it

Alexey Dmitriev, 2021-02-13
@SignFinder

1. Enable the VigilantBear option. According to the description, it blocks any traffic that does not pass through TunnelBear.
2. It is not clear why you cannot use the built-in firewall. You just need to describe all incoming and outgoing traffic - for tunnelbear's connection to the server and for packets inside TunnelBear.
Then, next after these rules, put the rules prohibiting all entry and exit and turn them on or off with a command from the console.
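
The built-in-firewall approach discussed in this thread, as an added PowerShell example (not code from any participant or from TunnelBear). Windows Firewall has no rule ordering and an explicit block rule overrides any allow rule, so this version sets the profiles' default outbound action to Block and adds allow rules instead of a catch-all block rule. The server addresses, protocol, port, adapter alias and group name are placeholder assumptions.

```powershell
# Added example: outbound kill switch with the built-in Windows Firewall.
# Run elevated. Every value in this block is a placeholder assumption.
$VpnServers = @('203.0.113.10', '203.0.113.11')  # constructed sample VPN server IPs
$VpnProto   = 'UDP'                               # assumed; take from the client config
$VpnPort    = 1194                                # assumed; take from the client config
$TunAlias   = 'VPN Adapter'                       # hypothetical alias, see Get-NetAdapter
$Group      = 'VpnKillSwitch'                     # hypothetical rule group name

function Enable-VpnKillSwitch {
    # Handshake and tunnel packets to the VPN servers, on any interface.
    # IP addresses only: DNS is not reachable until the tunnel is up.
    New-NetFirewallRule -DisplayName 'KS: VPN endpoint' -Group $Group `
        -Direction Outbound -Action Allow -Protocol $VpnProto `
        -RemoteAddress $VpnServers -RemotePort $VpnPort | Out-Null
    # Anything that leaves through the VPN adapter itself.
    New-NetFirewallRule -DisplayName 'KS: inside tunnel' -Group $Group `
        -Direction Outbound -Action Allow -InterfaceAlias $TunAlias | Out-Null
    # DHCP, so the Wi-Fi adapter can still obtain and renew its lease.
    New-NetFirewallRule -DisplayName 'KS: DHCP' -Group $Group `
        -Direction Outbound -Action Allow -Protocol UDP `
        -LocalPort 68 -RemotePort 67 | Out-Null
    # Default-deny for everything no allow rule matches.
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
}

function Get-OtherOutboundAllowRule {
    # Pre-existing allow rules still pass traffic outside the tunnel; review
    # this list and disable what is not needed.
    Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
        Where-Object { $_.Group -ne $Group } |
        Select-Object DisplayName, Profile
}

function Test-VpnKillSwitch {
    # Run with the VPN disconnected: returns $true when a direct TCP
    # connection to a public address does not get through.
    $r = Test-NetConnection -ComputerName 1.1.1.1 -Port 443 -WarningAction SilentlyContinue
    -not $r.TcpTestSucceeded
}

function Disable-VpnKillSwitch {
    # Restore the Windows default (outbound allowed) and drop the added rules.
    Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Allow
    Remove-NetFirewallRule -Group $Group
}
```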

ky0, 2021-02-13
@ky0

You want to use an extremely inappropriate system for this. There are special Linux distributions, consisting of two pieces - the gateway and the actual client part, precisely in order to ensure that not a single packet leaves without anonymization (I'm talking about Whonix, for example).

Ahmed C, 2021-02-18
@Rorus

If your VPN server supports IPv6 and adds an IPv6 address to the client - which is very easy to do on the server - then in the DNS settings of the Windows ip4 network adapter, write fake, for example 127.0.0.1, and DNS ip6 - real, for example Cloudflare 2606:4700:4700::1111, 2606:4700:4700::1001. Then, when vpn is disabled, it simply will not resolve and traffic will not go.

Sergey Goryachev, 2017-09-19
@webirus

RewriteCond %{QUERY_STRING} ^option=com_content&view=article&id=11&Itemid=7
RewriteRule ^.*$ https://site.ru/? [R=301,L]

As often happens with me - I asked and immediately found a solution.
Since I don’t need GET parameters on the site at all (all links are CNC), I removed everything at once.
