TorGuard

Search the Community

Showing results for tags 'firewall'.



Found 5 results

  1. How to create VPN Killswitch with Windows 7/8/10 Firewall

     Stop leaks when VPN disconnects.

     Introduction

     Having troubles with your VPN disconnecting and exposing your true IP address(es)? With the Windows firewall you can eliminate accidental leakage.

     What's the difference between TorGuard's VPN Client killswitch and a Firewall killswitch? Simple, the client disables your main network interface, while the firewall simply blocks all traffic without disabling any network interface. The main problem with any third party application that disables your network adapter is when the VPN connection is terminated, there is a very small window where your IP address can be leaked. Let's not forget to mention that if the client cannot disable the adapter, perhaps due to: security suite, permissions, or when a malfunctioning operating system interferes. A firewall, especially Windows Firewall will have minimum chances of failure if configured correctly; it is arguably the best firewall for Windows in my opinion.

     Requirements:
       • TorGuard VPN Client
       • Windows (Tested with 7/8/10)
       • No third-party firewall

     Step 1: Setting main network adapter from Public to Private
     Step 2: Open Windows Firewall with Advanced Security
     Step 3: Backup Current Firewall Policy
     Step 4: Create Outbound Rule
     Step 5: Block all Connections for Private/Domain
     Step 6: Giving internet permission to applications manually

     Final Notes + WARNINGS
       • If you ever get a firewall popup to add program, make sure to uncheck Private networks and only have Public networks checked before clicking Allow access; if you fail to monitor this, the killswitch will be pointless.
       • Never allow any program to automatically add firewall exceptions. You should only do this manually or whenever you get prompted by Windows Firewall.
       • This isn't a setup and forget solution.
       • Existing firewall rules that are assigned the Private/Domain network spaces will be able to still connect, usually it's just local network related stuff. It would be good if you reviewed all rules and adjusted them accordingly to your needs.
  2. If you are lucky enough to have a pfSense box, then use this hack to create a foolproof kill switch:

     Firewall > Rules, Floating tab

       Action: Pass
       Disabled: unchecked
       Quick: checked
       Interface: WAN
       Direction: out
       TCP/IP Version: IPv4
       Protocol: UDP
       Source: any
       Destination: TorGuard's IP ADDRESS
       Destination port range: VPN X port of TorGuard's VPN server

     Then below that rule:

       Action: Reject
       Disabled: unchecked
       Quick: checked
       Interface: WAN
       Direction: out
       TCP/IP Version: IPv4
       Protocol: any
       Source: any
       Destination: any
       Destination port range: any

     That will allow outbound connections to only 1 IP on UDP X and block everything else.

     x = port
  3. This hack will create PF firewall rules on Mac that will only allow in/out traffic to a single IP (TG's VPN server in this case). When a disconnect happens, you won't be able to surf, and only pinging that IP works.

     1) Open Terminal and type this:

          sudo nano /etc/pf.conf

        Enter your admin password after that, and the PF file will open.

     2) Scroll to the bottom, and add the following at the bottom:

        ---------
        block out on en0 from 192.168.0.0/16 to any
        block out on en3 from 192.168.0.0/16 to any
        pass out quick on en0 from 192.168.0.0/16 to 178.162.216.8
        pass out quick on en3 from 192.168.0.0/16 to 178.162.216.8
        pass out quick on utun0 from any to any
        ---------

        These rules will block traffic on ethernet and on wifi, unless that traffic is going towards 178.162.216.8 (IP of TG's for example) or unless VPN is connected (last line), then traffic is allowed. Here utun0 is the name of our virtual VPN adapter, and en0 and en3 are the names of ethernet and wifi. You can find out those names by running "ifconfig" in terminal.

     3) Enable PF, by running in terminal:

          sudo pfctl -e

     4) Load the rules:

          sudo pfctl -f /etc/pf.conf

        Now if VPN gets disconnected, you won't have access to internet, not counting the IP address specified before.

     5) To regain Internet access, disable PF in terminal:

          sudo pfctl -d
  4. My office building's public WiFi blocks VPN connections. I was never able to connect to my former VPN host when on that network. I hoped that TorGuard's Stealth mode would solve this problem for me. Unfortunately, TorGuard VPN will not connect when I am connected to my office WiFi. I am using the Windows TG client. I have tried selecting the Los Angeles "Stealth" connection, both with and without the manual Stealth Proxy option. I have tried selecting other US connections, both with and without the Stealth Proxy option. Nothing works. The client just cycles between WAIT -> AUTH -> RECONNECTING endlessly. (When I'm not on my office WiFi, I have no problem getting TorGuard to connect properly.) I submitted a ticket to TorGuard Support, but they have been unhelpful. Anyone have any ideas what I can try? Are there log files for the Windows TG client that I can examine to see if there are any clues?
  5. Hi, I want to use VPN for one of my servers (local). I set it up and it works as it should. Now, I want to make sure that if the VPN connection gets interrupted, this server can't access the web at all. In other words: I'm looking into blocking all traffic (in and out) that does not go to the VPN server. To be honest, the VPN is not worth much (in my eyes), if you can be certain you can't get exposed if the connection drops! I thought this should be easy, just go and block everything in/outbound to that server using my hardware firewall/gateway and just allow access to the VPN host, let's say: melb.au.torguardvpnaccess.com (and yes, I allow everything to and from that server, any protocol). Well, no. Didn't work. The rule which should enable communication to melb.au.torguardvpnaccess.com doesn't seem to be enough, the VPN can't get established. This tells me that the VPN needs to access something else other than just this one server to establish the connection and this is exactly what I would like to know: Which other hosts do I have to allow in my firewall in order for the VPN to work? Kind regards