VPN activated Profile

gigiga
Posts: 3
Joined: Fri May 19, 2017 9:20 pm

VPN activated Profile

Postby gigiga » Fri May 19, 2017 9:36 pm

Hi,
I've been using LS for a while now, at first to prevent my laptop from consuming my mobile bandwidth when tethered. With more and more public WiFis available (I live in Germany, we're in the early Stone Age in this matter), I was thinking about automated switching to a profile that allows traffic in and out only through my VPN.

I have my own VPN connection to my home network, set up through my home router, which works perfectly well. I found tons of tutorials on how to allow connections only when connected to VPN.
But here's the catch: I can't get it to work, because the last step in the tutorials is mostly to create at least two new rules to allow everything in and out, thus overriding the initial allow for my VPN connection and making it redundant, as LS highlights it.

Image

So whether I have an activated VPN connection or not, I am online. Why should I define the allow rule for the VPN connection in the first place when I override it with two "allow-everything" rules afterwards? This doesn't make any sense. Can someone help me please?

hoplie13
Posts: 10
Joined: Tue Aug 25, 2015 4:13 pm

Re: VPN activated Profile

Postby hoplie13 » Sun May 21, 2017 1:53 am

Profile switching is a great option when you travel or use unsecured networks often and don't want to risk apps or info moving unencrypted. So say you visit your bank and you want to make sure you never visit by accident on Starbucks WiFi without VPN. You make it so that Firefox cannot access mybank.com over the regular profile, yet anything is allowed over VPN.
At least that's my take.

gigiga
Posts: 3
Joined: Fri May 19, 2017 9:20 pm

Re: VPN activated Profile

Postby gigiga » Sun May 28, 2017 7:55 pm

And exactly that is my point. I don't want to deny single site access via a profile, I want to block any traffic before successfully connecting to my VPN. When connected to that tunnel, it is OK for me to access the sites I usually allow when in my home network, like you pointed out, banking and so on. But as per my screenshot above, this is not possible with the logic that an allow-everything rule overrules my allow-VPN rule first.
How can I block everything before successfully connecting to my VPN with a similar setup?

lsguy
Posts: 1
Joined: Mon May 29, 2017 4:50 pm

Re: VPN activated Profile

Postby lsguy » Mon May 29, 2017 4:53 pm

You didn't mention exactly what you are using to connect to your home VPN. I have the setup you described working with both OpenVPN and IKEv2, both connecting to my home router. I used the instructions at http://asciithoughts.com/posts/2014/02/ ... thout-vpn/ . For OpenVPN, I had to use Viscosity to get things working, as I could never get Tunnelblick to work (LS would not "see" the VPN with Tunnelblick, but it does with Viscosity).

Hopefully that helps.

gigiga
Posts: 3
Joined: Fri May 19, 2017 9:20 pm

Re: VPN activated Profile

Postby gigiga » Fri Jun 02, 2017 7:12 pm

I use Cisco IPSec and connect via VPNAutoConnect. That works like a charm; the related profile is also activated as soon as the trigger VPN Domain is connected, but as initially described that doesn't have any effect on the internet connection itself. Until VPN is connected I have internet access even in totally unknown networks because of the redundant rule for the VPN.

In this case it would be nice to have something like ITTT rules for connections. If VPN (which is redundant now) is connected successfully, then the rest of the rules can be activated.

