How to restrict any Application to TorGuard VPN using Windows Firewall

This guide will show you how to configure Windows Firewall to block any specified application (I have used Firefox as an example - but you can pick any application, e.g. uTorrent or your preferred torrent client) from using your ISP connection, and permit it to connect to the Internet using only the VPN connection. Unfortunately, this will not work with the built-in firewall in Windows XP or Vista.

Preliminary Considerations:

1. If you use an antivirus program such as avast! that has a Web Shield / Filter that passes HTTP traffic through an antivirus/malware scan, you may want to consider this post.

2. The IPv6 functionality in Windows 7 can also leak IP information - you may wish to disable it - see the guide here.

3. After you complete the steps in this guide, you may want to consider blocking, on the Domain and Private profiles, all traffic that does not match a rule. See the guide here.

4. If you want to create these rules for one user account, and maintain less strict rules for another user account, please see this post.

5. If you are blocking a torrent application such as uTorrent, you'll want to disable uTP, DHT, UPnP, Local Peer Discovery and IPv6.

Steps:
 
1. Connect to your VPN as you normally would. 

2. Open the Network and Sharing Center - right-click on the Internet connection icon in the taskbar and choose "Open Network and Sharing Center".

3. You should see (at least) two networks listed under "View Your Active Networks" - your VPN connection and one called "Network" - a.k.a. your ISP Connection. Ensure that your VPN is a "Public Network", and your ISP connection is "Home Network". If you need to change either connection, click it and an options window will appear.

4. Go to the Control Panel and click System and Security.

5. In the resulting window, click Windows Firewall.

6. In the Windows Firewall window, click Advanced Settings on the left pane.
Note: You must be logged in as an Administrator to make changes to the Firewall Settings.

7. You should see a window titled Windows Firewall with Advanced Security. In this window, click Inbound Rules.

8. On the right pane, you will see an option for a New Rule. Click it.

9. In the New Inbound Rule Wizard (which should appear), do the following:

  •  Choose Program and click Next.

  •  Choose the program whose traffic you wish to block on every connection except the VPN, and click Next.

  •  Choose Block the Connection.

  •  Tick Domain and Private. Make sure Public is left unticked.

10. Repeat Step 9 for Outbound Rules.
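
The two rules from steps 7 to 10 can also be created from an elevated PowerShell prompt. This is an added example, not part of the original guide; it calls netsh advfirewall so that it also runs on Windows 7, and the Firefox path and the rule names are assumptions to adjust.

```powershell
# Added example: scripted equivalent of steps 7-10 (not from the original guide).
# Assumption: $Program is the full path of the application to restrict.
param(
    [string]$Program = 'C:\Program Files\Mozilla Firefox\firefox.exe'
)

# Firewall changes require an elevated (Administrator) session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}
if (-not (Test-Path -LiteralPath $Program)) {
    throw "Program not found: $Program"
}

$appName = [IO.Path]::GetFileNameWithoutExtension($Program)

foreach ($dir in 'in', 'out') {
    # Rule names are constructed for this example; any unique name works.
    $ruleName = "Block $appName outside VPN ($dir)"

    # Remove an earlier copy so re-running does not create duplicate rules.
    & netsh advfirewall firewall delete rule "name=$ruleName" | Out-Null

    # Block on Domain and Private (the "Home Network" ISP connection) only.
    # Public, the profile assigned to the VPN in step 3, is left out.
    & netsh advfirewall firewall add rule "name=$ruleName" "dir=$dir" `
        'action=block' "program=$Program" 'profile=domain,private' 'enable=yes' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh failed to add rule: $ruleName" }

    # Print the stored rule so the profiles and program path can be checked.
    & netsh advfirewall firewall show rule "name=$ruleName"
}
```

The rules only have the intended effect if the network categories from step 3 are in place: the VPN connection set to Public and the ISP connection set to Home.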

When all of the above steps are complete, you should test the configuration. Run the application you made the rule for, and check that it works while the VPN is connected. Start a download, and then disconnect from the VPN. If all is configured properly, the download should stop immediately, because the firewall blocks the application from using your ISP-assigned IP address. If you wish to monitor traffic closely, use TCPView.
