Using with VPN

Posted: Fri Oct 19, 2012 6:47 pm
by LTC_CAT
Hi,

I've recently downloaded Little Snitch.

I'm using a paid VPN service for anonymity, and I wish to use LS to prevent all network connections that don't go through the VPN tunnel, but I cannot figure out how to do that.
Is that possible?

Thanks for your help!

Re: Using with VPN

Posted: Fri Aug 16, 2013 8:31 pm
by nick88
Up... I'm also interested in this topic.

Re: Using with VPN

Posted: Sun Oct 06, 2013 1:41 am
by WebDesZ
Use the configuration provided in the following thread: http://forums.obdev.at/viewtopic.php?t=8650

(It seems as if there is no bug)

If many people need this, I will make a detailed tutorial about this.

Re: Using with VPN

Posted: Thu Oct 24, 2013 3:11 pm
by littlewitch
I have set 5 different profiles and the only one I can't get to work is for my VPN. I use OpenVPN via Tunnelblick, and I need help with getting that connection to show up in Little Snitch.

Some people seem to get it to work with OpenVPN (like the one who posted in this thread right above this post), but I'm not sure if that is with a separate network configuration in the OS X built-in network settings panel? I only have 1 Wi-Fi connection configured, and when I connect to my VPN service I use Tunnelblick. When I'm done I disconnect Tunnelblick, still connected to the same Wi-Fi. Will this prevent me from being able to use automatic profile switching for my VPN?

I'm guessing Little Snitch only works with whatever connections are listed in the OS X network settings panel, since that's where the iPhone tethering options for Bluetooth and USB are listed along with Wi-Fi and Ethernet, and they all work. Please, if anyone has a solution let me know, it's the last piece I need for a complete configuration.

In the meantime I'm looking into AppleScript. If anyone can help me out please share. I'm thinking something like:

tell application "Little Snitch Configuration" to activate profile "VPN"
tell application "Tunnelblick"
    connect "VPNconfig"
    -- poll the connection state until the tunnel is up
    get state of first configuration where name = "VPNconfig"
    repeat until result = "CONNECTED"
        delay 1
        get state of first configuration where name = "VPNconfig"
    end repeat
end tell

But I haven't tested this as I'm not very good with AppleScript. All I have done is look around the web for solutions to other problems and tried to combine the solutions to my own need, but I need help making it work. I have also tried to create a universal keyboard shortcut to activate the nested menu item "Profiles->VPN" in the keyboard shortcuts settings, but that didn't work. I tried all of the different Little Snitch applications (the agent, the config and so on), and even a universal shortcut, but it didn't work.

Hopefully this post can inspire someone to finish off my idea :roll:

Re: Using with VPN

Posted: Mon Oct 28, 2013 1:01 pm
by manfred
LTC_CAT wrote: I'm using a paid VPN service for anonymity, and I wish to use LS to prevent all network connections that don't go through the VPN tunnel, but I cannot figure out how to do that.
Is that possible?

That's definitely possible. I would suggest the following configuration:

At least two different profiles:
  • Untrusted
  • Trusted

In Preferences choose to activate your »Untrusted« profile when joining an unknown network. In your »Untrusted« profile create rules to deny all unwanted traffic. In addition assign your »Trusted« profile only to your VPN connection and add allow rules according to your usage.

littlewitch wrote: I'm guessing Little Snitch only works with whatever connections are listed in the OS X network settings panel, since that's where the iPhone tethering options for Bluetooth and USB are listed along with Wi-Fi and Ethernet, and they all work. Please, if anyone has a solution let me know, it's the last piece I need for a complete configuration.

Besides the built-in options, Little Snitch should detect OpenVPN as well. If you notice any issue in this case, please contact our technical support.

littlewitch wrote: In the meantime I'm looking into AppleScript. If anyone can help me out please share. I'm thinking something like:

Little Snitch protects itself against scripting. It is not possible to switch profiles using AppleScript.

Re: Using with VPN

Posted: Tue Nov 19, 2013 6:45 am
by please
WebDesZ wrote: Use the configuration provided in the following thread: http://forums.obdev.at/viewtopic.php?t=8650

(It seems as if there is no bug)

If many people need this, I will make a detailed tutorial about this.


If you're still willing to make one, I'd appreciate that, thanks!

Re: Using with VPN

Posted: Thu Nov 21, 2013 5:50 am
by Rough Cut
please wrote:
WebDesZ wrote: Use the configuration provided in the following thread: http://forums.obdev.at/viewtopic.php?t=8650

(It seems as if there is no bug)

If many people need this, I will make a detailed tutorial about this.


If you're still willing to make one, I'd appreciate that, thanks!


I would be interested too, and although I work through VPN often, I also need to switch or allow my ISP mail connections, which don't always work via VPN with a mail client. So any thoughts there would be appreciated also.

Re: Using with VPN

Posted: Sun Dec 08, 2013 10:27 am
by macuser
I'm interested too!

Re: Using with CloakBox ProVPN

Posted: Thu Dec 19, 2013 5:22 am
by Grant
Just ordered CloakBox Pro VPN router. Since this is a router, rather than VPN s/w config, will Little Snitch work without these suggested VPN configurations?

Re: Using with VPN

Posted: Sat Dec 21, 2013 10:30 am
by Blaine76
Thanks for the post!

Re: Using with VPN

Posted: Sat Jan 25, 2014 11:58 am
by jadanke
Once again for me, please. And preferably in German.

I want to create a rule which allows a specific app to connect to a specific IP range.
I create a rule and choose "allow" at first for the incoming for the specific process, and IP range from 212.xxx.xxx.1 to 212.xxx.xxx.255, and the same for outgoing.
I'm connected with my VPN program to a server with this special IP, but Little Snitch asked me again for permission to connect?
I thought this rule is for all connections when I'm connected to this VPN location. How can I create a rule that works?

Re: Using with VPN

Posted: Thu Mar 24, 2016 1:26 pm
by bradhaddin81
I have already searched for LS to connect all network without any difficulty but I think Ivacy vpn https://www.ivacy.com/australia-vpn/ is more useful in these conditions through this you can connect multiple networks which is the most valuable advantage. It is also having 85% Easter VPN discount offer which we have not seen before in industry.

Re: Using with VPN

Posted: Wed Mar 30, 2016 8:08 pm
by niko käst
I am not a securities expert, but isn't the point of premium paid VPNs (the reliable ones, anyway) that ALL internet traffic is encrypted in the tunnel? Mine does...if yours doesn't cover certain protocols, like BitTorrent for example, then it isn't "premium" and you should switch providers. Lately I've seen some incredible lifetime memberships to some of the top rated VPNs for about 50$!. I jumped on that right away.

On another note, I too would be very grateful for an AppleScript to block connections when VPN drops. I have also submitted this as an official feature request, as many VPNs offer their own clients which can be preconfigured to autoquit specified apps if/when connection drops.

Re: Using with VPN

Posted: Thu Mar 31, 2016 3:20 am
by RLD
This is what profiles can be used for. Set up one as a proxy profile with VPN and your BitTorrent client allowed. Then set up one as a no proxy profile with the BitTorrent client denied/incoming/outgoing. When the VPN goes down, the profile switches to no proxy and nothing is passed by the BitTorrent client. Sorry to say it works great for me. If it doesn't work for you then you need to rethink how your rules are set up.

Your VPN client needs to allow your VPN provider's specific server IPs/ports. I use Tunnelblick normally, as well as my VPN provider's client sometimes. My VPN provider has 40 diff servers and dynamic IPs within those servers. So I have multiple range IPs in my rules... i.e. 138.202.24.000/60

Except in a few cases I do not allow any ports outside 1030-65535 for all programs unless they specifically need them, like mail/web browser/VPN/local only network/time protocol. I don't use chat programs/mail in any form while on my VPN, or programs that act as a browser such as an RSS reader, as they can leak your real IP.

It was mentioned earlier that LS cannot use AppleScript. This is false. You have to enable Allow gui scripting and scripting addition in preferences under security.
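
The two-profile setup described in the post above, sketched as a simplified model (an added example, not part of the original post and not Little Snitch's rule engine). The interface name `tun0`, the process names and the 203.0.113.0/24 server range are constructed assumptions, and first-match evaluation with default deny is a simplification of this model.

```python
import ipaddress
from dataclasses import dataclass

TUNNEL_IF = "tun0"                 # assumed name of the VPN tunnel interface
VPN_SERVERS = "203.0.113.0/24"     # constructed stand-in for the provider's servers
HIGH_PORTS = range(1030, 65536)    # the 1030-65535 port range from the post
OPENVPN_PORT = range(1194, 1195)   # default OpenVPN port

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "deny"
    process: str                   # hypothetical process name
    network: str = "0.0.0.0/0"     # remote addresses the rule covers
    ports: range = range(0, 65536)

    def matches(self, process, ip, port):
        return (self.process == process
                and ipaddress.ip_address(ip) in ipaddress.ip_network(self.network)
                and port in self.ports)

PROFILES = {
    # Active while the tunnel is up: the client may talk, on high ports only.
    "vpn": [
        Rule("allow", "openvpn", VPN_SERVERS, OPENVPN_PORT),
        Rule("allow", "torrent-client", ports=HIGH_PORTS),
    ],
    # Active on the bare network: only the VPN client may reach its servers.
    "no-vpn": [
        Rule("allow", "openvpn", VPN_SERVERS, OPENVPN_PORT),
        Rule("deny", "torrent-client"),
    ],
}

def active_profile(interfaces):
    """Select the profile from the set of interfaces that are currently up."""
    return "vpn" if TUNNEL_IF in interfaces else "no-vpn"

def decide(interfaces, process, ip, port):
    """First matching rule wins; a connection no rule matches is denied."""
    for rule in PROFILES[active_profile(interfaces)]:
        if rule.matches(process, ip, port):
            return rule.action
    return "deny"

if __name__ == "__main__":
    # Constructed connection attempt, before and after the tunnel drops.
    for up in ({"en0", "tun0"}, {"en0"}):
        print(sorted(up), decide(up, "torrent-client", "198.51.100.7", 51413))
```

The point to check in a real rule set is the same as in the model: the no-VPN profile must still let the VPN client reach its servers, otherwise the tunnel can never come back up after a drop.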

Re: Using with VPN

Posted: Sat Jul 23, 2016 11:41 pm
by ferologics
WebDesZ wrote: Use the configuration provided in the following thread: http://forums.obdev.at/viewtopic.php?t=8650

(It seems as if there is no bug)

If many people need this, I will make a detailed tutorial about this.


Was this a thing? I'd really find this useful.

Can't seem to find anything and I'm having huge pains with the automatic profile switcher:
- doesn't use the set-up profile that is supposed to block connections on startup, while OpenVPN is connecting
- when I disable Tunnelblick it does not switch to that profile either