Allowing Windows Firewall to block apps while using VyprVPN

Hi all,

I have a big problem where before using a VPN I had Windows Firewall Control app prevent certain apps from accessing the internet. It used the windows firewall and blocked all access that I didn’t grant.

This setup was working well for me as I was able to block telemetry apps and other nuisances that kept using my bandwidth.

The problem I am facing now started when I started using VyperVPN (and generally most VPNs NordVPN,AirVPN etc).

Now the traffic almost completely bypasses Windows Firewall and it is as if I had no firewall at all.

I say almost completely because I still get some popups from the firewall, but rarely.

When I used to install a software which had addons of bloat bundled with it, it was no big deal at all. The firewall by default pops up and asks you for permission and as long as you haven’t granted it yet it will stay completely offline.

Now installing those softwares is a pain in the butt as you might imagine.

I am currently using VyprVPN using Chameleon protocol to bypass my ISP’s block on VPNs. Before VyperVPN i used to use OpenVPN on SSL as I couldn’t connect to VPN otherwise.

Is there a method or a certain firewall that I can with which I can block apps regardless if I am using VPN or not?

Thanks

Hello, @AngelicCore

I’m sorry to hear of the trouble.

You should be able to configure Windows Firewall with custom inbound and outbound rules to ensure an application is only allowed network access when the VPN is connected. We don’t have a tutorial for it, but in short, you’d need to create an allow and deny rule both inbound and outbound. So, 4 rules total, for any app you wanted to restrict access to. Also, the TAP adapter would need to be set as public and the LAN adapter as private. Then, make the rules accordingly. As we don’t have any specific guides on how to do this with Windows Firewall, you may need to research this independently.

I hope this helps!

Regards,
Logan
Golden Frog Technical Support

Hi Logan,

Thanks for your reply.

I think you misunderstood my question - I was hoping for a way to block an application from the internet even when connected to VPN.

Thanks!

This is the reply from Windows Firewall Control(An app which controls Windows Firewall) dev when I asked him about this issue:

I do not have an account for this VPN provider and can’t test it. I tested WFC with AirVPN and TunnelBear and what you describe did not happen. Anyway, WFC does not block or allow any connection, this is done by Windows Firewall itself based on the existing firewall rules. However, if this VPN provider uses a custom filtering module which acts like a software proxy then it may be possible that once you allow the VPN executable, all connections may be allowed because the traffic goes through the VPN software. The problem here is between VPN and Windows Firewall.

I would send a support email to VyprVPN developers and ask them about any incompatibility between Windows Firewall when outbound filtering is enabled and their software. Tell them that you have enabled outbound filtering in Windows Firewall and that you have created only a few allow rules. When you connect to their VPN, the programs that should be blocked have access to the Internet. Unfortunately, the problem and the solution is not at WFC level. If you find out what causes this or which setting you had to enable/disable, please let me know so that I can guide other users with a similar scenario.

Thanks for sharing that info @AngelicCore.

I believe I understand what you are trying to achieve here. Please note that is not an officially tested use case on our end. Overall, while how you control your firewall and applications on your system is your prerogative, it’s not a usage of our app on Windows that’d we’d support, so I can’t offer any real solution at the moment. Not for lack of wanting to assist, but because I am not sure how to fix the issue and I don’t believe this to be a bug with VyprVPN specifically.

However, I did inquire with a member of our development team and they were unable to reproduce the problem. The test involved blocking Windows Store in the firewall and then establishing a Chameleon connection. The block remained in place until it was removed manually from the firewall. I want to also relay some of the dev’s theories/observations:

  1. Windows Firewall or the relevant rules on the client’s machine (yours) was inadvertently misconfigured around the same time VyprVPN was installed.
  1. Windows is being buggy and needs to up updated.
  2. Chameleon, being a proxy, is bypassing the system firewall in some weird, unexpected scenarios.
  3. OpenVPN is bypassing the system firewall in some weird, unexpected scenario.

To add to those possibilities myself, I wanted to point out that you had mentioned other VPN software/providers had resulted in this same behavior on your machine. This leads me to believe that it’s not an issue specific to our service or software, but perhaps with universally used VPN software, such as the OpenVPN TAP adapter. This is a common adapter used by most/all VPN providers who offer OpenVPN as a protocol.

I would recommend posting this question on a tech forum like the OpenVPN forum or Super User. If you end up fixing the problem, I would be very interested to know the solution. If I find anything else out on my end that might help, I will certainly update you here.

Nick
Golden Frog Support