Internet Kill Switch

[Torguard VPN User 1337]

What's the most reliable way to implement an internet kill switch on VPN disconnection?

 

I assume its either on-disconnection script to disable net adapters, or have the VPN manage the net adapters.

 

What adapters need to be disabled? Is it the adapter that connects to the internet router or the TAP adapter or both?

 

Is there an up to date guide anywhere?

 

Thanks

[123]

.

[Torguard VPN User 1337]

Hi,

 

Thanks for reply.

 

My net setup includes a Hyper-v virtual adapter. The physical cabled adapter 'Ethernet' doesn't appear in the VPN client list of adapters. 

Which one/s should I select?

 

[123]

.

[Torguard VPN User 1337]

Hi,

 

I don't think Hyper-v works like that. Once you create an external network on the virtual switch it 'disables' access to the physical adapter and creates a virtual adapter on the host OS. In fact although you can see the Broadcom adapter in the Network Connections view, it doesn't appear in the ipconfig /all list. 

 

Now I'm wondering how I can share the VPN connection from the VM OS. At the moment the host is using VPN and the VM is using the ISP route. How does the VPN client know where to route internet traffic to? I guess I don't know much about how VPN, TAP adapters and VPN routing works.

 

Any help appreciated

 

[123]

.

[Torguard VPN User 1337]

^{The physical Broadcom adapter is not enumerated in the ipconfig /all and the Local Area Connection* 2 appears to be a Wi-Fi Direct Virtual Adapter that is disconnected anyway.}

 

I've tried the killswitch feature for the Hyper-V virtual adapter and it appears to be unreliable. However just been messing around with the pre-connection and disconnection scripts and that appears to work ok. Disabling the virtual adapter kills all host OS internet comms.

 

I'm not sure about using the TAP adapter in the Hyper-V switch. That doesn't sound right. Is your advice based on a known working configuration?

 

Thanks

 

 

Wireless LAN adapter Local Area Connection* 2:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 16-70-12-E0-A9-2B

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

[123]

.

[Torguard VPN User 1337]

It's Windows-10 Pro, which has Hyper-V client built in. You need to add Hyper-V as a Windows Feature, but its part of Pro.

 

As previously mentioned, when you add a physical network adapter as an external network in the Virtual Switch it creates virtual adapters in both the Host OS and the Guest OS and removes the physical adapter from the Host OS list of adapters, although you still see it as a Windows device.

 

This is why I don't believe adding the TAP adapter to the Virtual Switch would work out well. Windows would remove it from the Host OS and the VPN client would not be able to find it.

 

Maybe someone has done this before. 

 

Thanks for your help.

[123]

.