Jump to content
TorGuard
  • 0

Internet Kill Switch

Rate this question


Torguard VPN User 1337

Question

Torguard VPN User 1337

What's the most reliable way to implement an internet kill switch on VPN disconnection?

 

I assume its either on-disconnection script to disable net adapters, or have the VPN manage the net adapters.

 

What adapters need to be disabled? Is it the adapter that connects to the internet router or the TAP adapter or both?

 

Is there an up to date guide anywhere?

 

Thanks

Link to post
Share on other sites

9 answers to this question

Recommended Posts

  • 0

Hello,
 
The best method of implementing a proper killswitch is using a Firewall, there is no one guide that will work for every firewall software as each one is different. However if you are using Windows firewall, I wrote up a guide in the tutorial section you can use.
 
TorGuard VPN client has a killswitch feature built into it, what it basically does is it disables your primary network device upon disconnect. Here is some screenshots of how to enable it:
 

qLgbH9C.png
6fmZQL8.png



Here is a guide for: How to setup VPN Connection Scripts with TorGuard Client

Link to post
Share on other sites
  • 0
Torguard VPN User 1337

Hi,

 

Thanks for reply.

 

My net setup includes a Hyper-v virtual adapter. The physical cabled adapter 'Ethernet' doesn't appear in the VPN client list of adapters. 

Which one/s should I select?

 

torguard.jpg

Link to post
Share on other sites
  • 0

According to your devices, it should be "Broadcom NetXtreme Gigabit Ethernet", so from TorGuard interfaces screen I think it will be "Ethernet: Local Area Connection* 2", the virtual adapters are unnecessary to disable if they are sharing connection with your main network interface. You can confirm by opening cmdprompt and running: ipconfig /all

Link to post
Share on other sites
  • 0
Torguard VPN User 1337

Hi,

 

I don't think Hyper-v works like that. Once you create an external network on the virtual switch it 'disables' access to the physical adapter and creates a virtual adapter on the host OS. In fact although you can see the Broadcom adapter in the Network Connections view, it doesn't appear in the ipconfig /all list. 

 

Now I'm wondering how I can share the VPN connection from the VM OS. At the moment the host is using VPN and the VM is using the ISP route. How does the VPN client know where to route internet traffic to? I guess I don't know much about how VPN, TAP adapters and VPN routing works.

 

Any help appreciated

 

clip_image004.png

Link to post
Share on other sites
  • 0

Hi,

 

I don't think Hyper-v works like that. Once you create an external network on the virtual switch it 'disables' access to the physical adapter and creates a virtual adapter on the host OS. In fact although you can see the Broadcom adapter in the Network Connections view, it doesn't appear in the ipconfig /all list. 

 

Now I'm wondering how I can share the VPN connection from the VM OS. At the moment the host is using VPN and the VM is using the ISP route. How does the VPN client know where to route internet traffic to? I guess I don't know much about how VPN, TAP adapters and VPN routing works.

 

Any help appreciated

 

 

Your physical adapter is the broadcom one correct? If so, if you were to disable that, all virtual adapters that are sharing that connection would also lose internet access. If you take a screenshot of your ipconfig and share here I'll be able to help you confirm which adapter you need to disable. I am pretty sure it's "Ethernet: Local Area Connection* 2". You can allow TorGuard to disable the HyperV adapter, but like I said, it's rather pointless to do this if you are already allowing it to disable your physical device.

 

Just share the "TAP-Windows Adapter V9" adapter instead of Broadcom to force your network switch to use VPN connections only.

Link to post
Share on other sites
  • 0
Torguard VPN User 1337

The physical Broadcom adapter is not enumerated in the ipconfig /all and the Local Area Connection* 2 appears to be a Wi-Fi Direct Virtual Adapter that is disconnected anyway.

 

I've tried the killswitch feature for the Hyper-V virtual adapter and it appears to be unreliable. However just been messing around with the pre-connection and disconnection scripts and that appears to work ok. Disabling the virtual adapter kills all host OS internet comms.

 

I'm not sure about using the TAP adapter in the Hyper-V switch. That doesn't sound right. Is your advice based on a known working configuration?

 

Thanks

 

 

Wireless LAN adapter Local Area Connection* 2:

 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 16-70-12-E0-A9-2B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Link to post
Share on other sites
  • 0

Sorry, I don't have much experience with Hyper-V. Not sure if you will receive much help here on how to setup Hyper-V as it's rather an advanced subject. You might have better luck searching on an search engine more so than here, what version of windows are you running hyper-v on? I can see if I can ask one of my friends if they have a copy they can lend me to put on a test machine.

Link to post
Share on other sites
  • 0
Torguard VPN User 1337

It's Windows-10 Pro, which has Hyper-V client built in. You need to add Hyper-V as a Windows Feature, but its part of Pro.

 

As previously mentioned, when you add a physical network adapter as an external network in the Virtual Switch it creates virtual adapters in both the Host OS and the Guest OS and removes the physical adapter from the Host OS list of adapters, although you still see it as a Windows device.

 

This is why I don't believe adding the TAP adapter to the Virtual Switch would work out well. Windows would remove it from the Host OS and the VPN client would not be able to find it.

 

Maybe someone has done this before. 

 

Thanks for your help.

Link to post
Share on other sites
  • 0

It's Windows-10 Pro, which has Hyper-V client built in. You need to add Hyper-V as a Windows Feature, but its part of Pro.

 

As previously mentioned, when you add a physical network adapter as an external network in the Virtual Switch it creates virtual adapters in both the Host OS and the Guest OS and removes the physical adapter from the Host OS list of adapters, although you still see it as a Windows device.

 

This is why I don't believe adding the TAP adapter to the Virtual Switch would work out well. Windows would remove it from the Host OS and the VPN client would not be able to find it.

 

Maybe someone has done this before. 

 

Thanks for your help.

 

I happen to have a copy of Windows 10 pro, if I find a solution: I'll see about writing up a guide, no promises though! I wish you the best of luck, hopefully someone here can shed some light on the matter.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...