Force VPN Connection?

In Windows XP is there a way to force a VPN connection? Or, is there an easy way to block all non-VPN ports/traffic if needed?

I am concerned about my VPN disconnecting while using my laptop on a Wireless Hotspot. If the VPN disconnects Windows will try to send data over the insecure network.

For example, MSN Messenger might try to reconnect, Outlook might try checking my email accounts, etc.

I will be using the laptop on my home network also, so if there is a way to easily block and unblock everything but the VPN port that would be great.

Thanks!

 

I'm assuming you are talking about the inbuilt Windows VPN system rather than a 3rd party VPN client.

Yes, the VPN connection appears in "Network Connections" and you force it to connect and disconnect as you would any other network connection.

The default behaviour is for other ports to be blocked while the VPN is active.

Simplest way to deal with this is to use private IP addresses for your main network. The common private addresses start either 192.168. or 10.. These addresses are not valid on the internet and will be blocked. So if your mail server is 192.168.0.5, you can connect to it when you have the VPN connected, but the packets will be dropped if they are sent over the internet.

There is a chance someone could sniff the packets on the LAN you are connected to. The only way to absolutely avoid that is to block outgoing packets to the central network at your firewall (so that the only open path is via the VPN tunnel).

 

Thanks Reggie, you were correct that I was referring to the built in VPN client.

This would probably be the best solution for me. Does the built in Windows Firewall support blocking outgoing traffic? I don't think it does, but I might be wrong.

What would be a good firewall (Free preferably) to use to block all traffic but the VPN port?

 

Have a look at PeteC's article on helpwithwindows.com. This includes advice on free firewalls available.

 

Thanks again Reggie.

It feels like there should be a much easier way to do this. Prior to posting this thread I was using Zone Alarm Pro. I have not been able to duplicate what I want with it though.

I have been playing around with Kerio over the last hour and no luck also.

Basically I just want to block everything but PPTP (TCP/1723).

 

I wouldn't block ports. I'd block outgoing to your main network subnet. So say your main network is 192.168.0.0, set up a rule on the firewall to block all traffic with that subnet as the destination.

Of course, you'll need to switch this off if you connect your PC directly to the main network.