2

This is really a follow-up question from this: Stun scripts/webRTC IP leaks

I'm connecting to a VPN using a virtual adapter, which has a default routing rule so all traffic goes through it. I still have the real adapter and it needs a specific routing rule so the virtual adapter can connect to the VPN. The problem is, apps can see both adapters and can work out their public IPs.

With regard to disabling WebRTC, I'm not sure I see the point of trying to disable a specific app (the browser) from trying to find a public IP if it can be found. For that matter, what if you wanted WebRTC functionality with a VPN?

It seems like I need some way to block regular apps (browser or otherwise) from seeing the real adapter or routing through it, yet still allow the VPN connection to see it. Is this even possible? (e.g. run the VPN connection under a different user and only grant permission to use the real adapter to that user)

With a physical configuration, where I have a separate router to transparently tunnel all traffic through the VPN, this would be trivial. A virtual machine could have its traffic routed similarly. Both cases seem quite solid and I don't see how an app could figure out the real IP. Is there a way to get this effect natively on the one machine?

jozxyqk

1 Answer

1

You need to configure your firewall to only allow traffic over the VPN connection. I can't be more specific because how to accomplish this depends on your firewall.

David-
  • Won't this interfere with the virtual adapter's connection to the VPN? – jozxyqk Oct 13 '15 at 14:46
  • You configure your firewall to only allow outbound traffic to your VPN server, and allow all traffic over the virtual adapter/VPN. – David- Oct 13 '15 at 15:05
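
The rule set described in the last comment, sketched for a Linux host with iptables as an added example that is not part of the original answer or comments. The interface names, the VPN server address (a documentation placeholder), the protocol and the port are all assumptions to replace with your own values.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a VPN "kill switch".
# Every value below is an assumption for illustration, not taken from the page.
PHYS_IF="${PHYS_IF:-eth0}"                # real adapter (assumed name)
VPN_IF="${VPN_IF:-tun0}"                  # virtual VPN adapter (assumed name)
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"  # placeholder VPN server IP (TEST-NET-3)
VPN_PROTO="${VPN_PROTO:-udp}"             # assumed tunnel transport
VPN_PORT="${VPN_PORT:-1194}"              # assumed tunnel port

killswitch_rules() {
    # Refuse malformed input rather than emit a ruleset that allows more than intended.
    case "$VPN_PROTO" in udp|tcp) ;; *) echo "bad proto: $VPN_PROTO" >&2; return 1 ;; esac
    case "$VPN_PORT" in ''|*[!0-9]*) echo "bad port: $VPN_PORT" >&2; return 1 ;; esac
    # Default policy is DROP, so anything not matched below never leaves the host.
    # Note: DHCP on the real adapter is not allowed here; a static address is assumed.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $PHYS_IF -d $VPN_SERVER/32 -p $VPN_PROTO --dport $VPN_PORT -j ACCEPT
-A INPUT -i $PHYS_IF -s $VPN_SERVER/32 -p $VPN_PROTO --sport $VPN_PORT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -o $VPN_IF -j ACCEPT
-A INPUT -i $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset only when asked, e.g.: sh killswitch.sh --print | iptables-restore
if [ "${1:-}" = "--print" ]; then
    killswitch_rules
fi
```

The only packets allowed out of the real adapter are the tunnel's own packets to the VPN server, so the VPN still connects while other applications cannot send traffic through that adapter. These rules cover IPv4 only; IPv6 needs an equivalent default-drop policy in ip6tables.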