How to prevent an IP leak with Windows Firewall
Posted by Max Biggavelli on 09 December 2013 07:16
This article outlines a "blacklist-whitelist" method using the standard Windows Firewall to block all Internet traffic unless the machine is connected to the VPN (via OpenVPN). Again, understand that traffic will be allowed through OpenVPN only and nothing else. That means no connectivity, no Windows updates, nothing at all, unless it goes through OpenVPN!

You follow all of the described steps at your own risk, but in case of any trouble you can simply revert the changes afterwards.

So let's go.

1. Go to your Windows Control Panel and click on System and Security

2. In the next window, click on Windows Firewall

3. First make sure the Firewall is enabled and shows a green frame on Home & Public networks. In case you see a red frame, click on Turn Windows Firewall on or off and enable both accordingly!

Now proceed and click on Advanced Settings in the left panel (Note: You must be logged in as an Administrator to make changes to the Firewall settings)

4. Click on the centered link "Windows Firewall Properties"

5. Choose Block for Inbound and Outbound, in both the "Domain Profile" AND the "Private Profile", and click on Apply. (With that, ALL traffic in and out is blocked by default - often referred to as blacklisting)

6. Now that all traffic is blocked, we need to specifically allow traffic for the application we want, in our case OpenVPN (often referred to as whitelisting)

To create the required Inbound rule, click on Inbound Rules; an option for New Rule... will appear in the right panel. Click on it.

7. Tick Program

8. Tick "This program path", navigate to your OpenVPN folder and find "openvpn.exe" (for Win 7 the program path should be as shown on screen, so "%ProgramFiles% (x86)\OpenVPN\bin\openvpn.exe")

9. In Action, choose Allow the connection (with that, we allow traffic via OpenVPN exclusively - whitelisting)

10. In Profile tick on Domain, Private and Public

11. Give the rule a name and description of your choice; we name it "Allow nVPN IN". Click on Next and we are done with the Inbound rules part!

12. Important: Now that the Inbound rule is finished, don't forget that an identical Outbound rule is required too. Repeat steps 6-11 and name the rule "Allow nVPN OUT" once finished.

Once the missing Outbound rule is created, you are done: all traffic that is not going exclusively through OpenVPN will be blocked. A disconnect from the VPN immediately results in a complete traffic cut-off.
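The same configuration can be applied from an elevated PowerShell prompt with `netsh advfirewall`, which is also available on Windows 7. This script is an added example, not part of the original article. It saves the current policy first so the change can be reverted, and the helper name `Invoke-Netsh`, the backup file location and the assumed default OpenVPN install path are choices made for the example.

```powershell
# Added example: steps 5-12 scripted with netsh advfirewall. Run in an elevated PowerShell.
function Invoke-Netsh {
    param([string[]]$NetshArgs, [switch]$IgnoreFailure)
    $output = & netsh.exe @NetshArgs 2>&1
    if ($LASTEXITCODE -ne 0 -and -not $IgnoreFailure) {
        throw "netsh $($NetshArgs -join ' ') failed: $output"
    }
    $output
}

# Assumption: 32-bit OpenVPN in its default folder on 64-bit Windows (step 8).
$openvpn = Join-Path ${env:ProgramFiles(x86)} 'OpenVPN\bin\openvpn.exe'
if (-not (Test-Path $openvpn)) { throw "openvpn.exe not found at $openvpn" }

# Save the current policy first; restore later with: netsh advfirewall import <file>
# (backup location and file name are choices made for this example)
$backup = Join-Path $env:USERPROFILE ("firewall-backup-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))
Invoke-Netsh @('advfirewall', 'export', $backup) | Out-Null

# Steps 6-12: one allow rule per direction for openvpn.exe, on all three profiles.
$rules = @{ 'Allow nVPN IN' = 'in'; 'Allow nVPN OUT' = 'out' }
foreach ($name in $rules.Keys) {
    # Remove a rule left over from an earlier run so it is not duplicated.
    Invoke-Netsh @('advfirewall', 'firewall', 'delete', 'rule', "name=$name") -IgnoreFailure | Out-Null
    Invoke-Netsh @('advfirewall', 'firewall', 'add', 'rule', "name=$name",
        "dir=$($rules[$name])", 'action=allow', "program=$openvpn",
        'profile=domain,private,public', 'enable=yes') | Out-Null
}

# Step 5: default-block both directions on the profiles the article names.
foreach ($fwProfile in 'domainprofile', 'privateprofile') {
    Invoke-Netsh @('advfirewall', 'set', $fwProfile, 'firewallpolicy',
        'blockinbound,blockoutbound') | Out-Null
}

# Check the result: print the default policy of every profile and the two rules.
Invoke-Netsh @('advfirewall', 'show', 'allprofiles', 'firewallpolicy')
foreach ($name in $rules.Keys) {
    Invoke-Netsh @('advfirewall', 'firewall', 'show', 'rule', "name=$name")
}
Write-Host "Previous policy saved to $backup"
```

The final `show allprofiles firewallpolicy` output lists the default inbound and outbound action for each profile, so you can confirm which profiles are actually blocking by default.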
