Step 1: Install Little Snitch
Go ahead and install Little Snitch.
Step 2: Stop the filter and switch to silent mode
Little Snitch has a tendency to be a bit verbose, and will pester you with questions as soon as any application attempts a connection, which can rapidly get annoying.
Fortunately, there is a “Silent Mode”, which will automatically allow/deny any connection, and offer us some peace while we work on the configuration. So:
Stop the network filter
Set “Silent Mode” to “Deny”
Step 3: Delete all default rules
Little Snitch comes with a couple of default rules. They are mostly harmful, but if you are worried about your privacy, it can’t hurt to be cautious. So let’s start from an empty environment.
Open the “Rules” screen:
Delete or disable all the rules. You may get a few warnings, but just go ahead and do it anyway (you can always restore the factory defaults later).
I only keep 3 main rules:
DNS
Outgoing connections to local network
Incoming connections (though it’s safe to disable those as well)
Step 4: Create a new profile
First, we need to enable “Automatic Profile Switching”:
Now, let’s create our VPN profile:
Finally, we restart the network filter:
Turn Wifi on and off
And now Little Snitch wants you to choose a profile. If this your home connection, you could choose the newly created VPN profile. If you are at an unsafe location, or if you simply prefer to have VPN activated at all times, select “Deactivate Active Profile”:
Since the default rules do not explicitly allow any connection, and we have set “Silent Mode” to “Deny”, we basically lost internet access:
That’s what we wanted

Step 5: Creating new rules
We succeeded in stopping access for all applications, but the truth is: the VPN itself needs access. So we need to create a few rules for that.
Try to start the connection:
At this time, the VPN won’t be able to connect, but since we activated Silent Mode, the connection attempts will appear in Little Snitch and we can create new rules:
As soon as the rules are created, the VPN connection will succeed and you will be prompted with the familiar dialog. Choose “VPN & Safe Networks”:
Finally, now that the association has been made between the VPN network and the VPN profile, we need to restore access to all applications. Go back to the rules window, and click “New”. You will need to create 2 rules. One for all applications owned by you, and one for all system applications:
If all goes well, you now have full internet access:
