Using with VPN

[kylepmorris5]

Hi, You can use LS to prevent all network connections that dont go through VPN tunnel. I am using PureVPN with Little Snitch. Follow these simple steps:

Step 1: Install Little Snitch

Go ahead and install Little Snitch.

Step 2: Stop the filter and switch to silent mode

Little Snitch has a tendency to be a bit verbose, and will pester you with questions as soon as any application attempts a connection, which can rapidly get annoying.

Fortunately, there is a “Silent Mode”, which will automatically allow/deny any connection, and offer us some peace while we work on the configuration. So:

Stop the network filter

Set “Silent Mode” to “Deny”

Step 3: Delete all default rules

Little Snitch comes with a couple of default rules. They are mostly harmful, but if you are worried about your privacy, it can’t hurt to be cautious. So let’s start from an empty environment.

Open the “Rules” screen:

Delete or disable all the rules. You may get a few warnings, but just go ahead and do it anyway (you can always restore the factory defaults later).

I only keep 3 main rules:

DNS

Outgoing connections to local network

Incoming connections (though it’s safe to disable those as well)

Step 4: Create a new profile

First, we need to enable “Automatic Profile Switching”:

Now, let’s create our VPN profile:

Finally, we restart the network filter:

Turn Wifi on and off

And now Little Snitch wants you to choose a profile. If this your home connection, you could choose the newly created VPN profile. If you are at an unsafe location, or if you simply prefer to have VPN activated at all times, select “Deactivate Active Profile”:

Since the default rules do not explicitly allow any connection, and we have set “Silent Mode” to “Deny”, we basically lost internet access:

That’s what we wanted Let’s now configure the VPN.

Step 5: Creating new rules

We succeeded in stopping access for all applications, but the truth is: the VPN itself needs access. So we need to create a few rules for that.

Try to start the connection:

At this time, the VPN won’t be able to connect, but since we activated Silent Mode, the connection attempts will appear in Little Snitch and we can create new rules:

As soon as the rules are created, the VPN connection will succeed and you will be prompted with the familiar dialog. Choose “VPN & Safe Networks”:

Finally, now that the association has been made between the VPN network and the VPN profile, we need to restore access to all applications. Go back to the rules window, and click “New”. You will need to create 2 rules. One for all applications owned by you, and one for all system applications:

If all goes well, you now have full internet access:

[emjenny]

Hi,

I've recently downloaded Little Snitch.

I'm using a paid VPN service for anonymity, and I wish to use LS to prevent all network connections that don't go through the VPN tunnel, but I cannot figure out how to do that.
Is that possible?

Thanks for your help!

Yes This is possible with purevpn. I am using Split tunneling with this vpn provider.

[nickonstick]

Hi, You can use LS to prevent all network connections that dont go through VPN tunnel. I am using PureVPN with Little Snitch. Follow these simple steps:

Step 1: Install Little Snitch

Go ahead and install Little Snitch.

Step 2: Stop the filter and switch to silent mode

Little Snitch has a tendency to be a bit verbose, and will pester you with questions as soon as any application attempts a connection, which can rapidly get annoying.

Fortunately, there is a “Silent Mode”, which will automatically allow/deny any connection, and offer us some peace while we work on the configuration. So:

Stop the network filter

Set “Silent Mode” to “Deny”

Step 3: Delete all default rules

Little Snitch comes with a couple of default rules. They are mostly harmful, but if you are worried about your privacy, it can’t hurt to be cautious. So let’s start from an empty environment.

Open the “Rules” screen:

Delete or disable all the rules. You may get a few warnings, but just go ahead and do it anyway (you can always restore the factory defaults later).

I only keep 3 main rules:

DNS

Outgoing connections to local network

Incoming connections (though it’s safe to disable those as well)

Step 4: Create a new profile

First, we need to enable “Automatic Profile Switching”:

Now, let’s create our VPN profile:

Finally, we restart the network filter:

Turn Wifi on and off

And now Little Snitch wants you to choose a profile. If this your home connection, you could choose the newly created VPN profile. If you are at an unsafe location, or if you simply prefer to have VPN activated at all times, select “Deactivate Active Profile”:

Since the default rules do not explicitly allow any connection, and we have set “Silent Mode” to “Deny”, we basically lost internet access:

That’s what we wanted Let’s now configure the VPN.

Step 5: Creating new rules

We succeeded in stopping access for all applications, but the truth is: the VPN itself needs access. So we need to create a few rules for that.

Try to start the connection:

At this time, the VPN won’t be able to connect, but since we activated Silent Mode, the connection attempts will appear in Little Snitch and we can create new rules:

As soon as the rules are created, the VPN connection will succeed and you will be prompted with the familiar dialog. Choose “VPN & Safe Networks”:

Finally, now that the association has been made between the VPN network and the VPN profile, we need to restore access to all applications. Go back to the rules window, and click “New”. You will need to create 2 rules. One for all applications owned by you, and one for all system applications:

If all goes well, you now have full internet access:

Thankyou for this guide. I was also trying to run PureVPN with Little snitch but was facing some problems. Finally solved it by this guide. Thanks very much. I would also like to test ExpressVPN with it in future. But After reading this guide and Review of PureVPN I decides to stay with it and give it another try

[martinleo]

We assume that paid VPN is the solution to each and every problem including VPN configuration issues but most of the times we are wrong. Actually, all the paid VPN does not support to setup over different devices. I was using a paid VPN and have faced configuration issues on multiple devices but later I started using ExpressVPN it's the who is reliable in the VPN industry which supports maximum devices and have separate setup guides.

[Brandon Hobart]

If you are already using a paid VPN connection than what's the difficulty? Using a VPN, all you're internet traffic passes through the secure VPN tunnel. So, there is no chance that any network connection does not pass through it. In case, your VPN service does not encrypt every request that is sent from your PC to the servers then you need to change it.
I am using PIA VPN and it encrypts all my online traffic plus, it hides my IP and hence my identity and location. You can google it or read some reviews about PIA VPN https://www.vpnanalysis.com/private-int ... -review/so that you may clear any queries popping up in your mind. You can also visit the official PIA VPN website to gain more details (if necessary).

[Chazzo]

Does anyone have specific experience with TunnelBear and LS?

I can't reliably get TunnelBear to start a VPN connection while LS is active. Sometimes it works, but often it doesn't. If I disable LS I can always get TunnelBear to connect. I can then turn LS back on and all is OK.

Apart from being annoying, this defeats the whole purpose of using LS to block all connections until the VPN is up. I've been watching LS alerts while TunnelBear tries to connect, but I can't pin down anything that helps. It's as if the initial startup of TunnelBear requires a connection that LS blocks without reporting.

Apart from that, the advice about profile switching that folks have posted here, and specifically this tutorial, is all working fine for me.

[BuddyOwen]

We assume that paid VPN is the solution to each and every problem including VPN configuration issues but most of the times we are wrong. Actually, all the paid VPN does not support to setup over different devices. I was using a paid VPN and have faced configuration issues on multiple devices but later I started using ExpressVPN it's the who is reliable in the VPN industry which supports maximum devices and have separate setup guides.

Totally agree, not all paid VPNs provide high quality services as have been declared. But I can say the same about all services offered on the market.
Anyway, expressvpn is a really decent service, but for me it's prohibitively expensive. There are cheaper VPNs that also offer various benefits and functions.

[hoangthiennam9x]

tks you very much! so good ^^

[macmicke]

It was mentioned earlier that LS cannot use applescript. This is false, You have to enable Allow gui scripting and scripting addition in preferences under security.

This is not true at all as you illustrate in your post. GUI scripting is scripting of the GUI, i e it's the graphical interface that uses scripting, not an app. Scripting of a process resource like an app means the app itself must support scripting by having a Dictionary. Does Little Snitch have a Dictionary? Does LS execute scripts?

[BuddyOwen]

I never question that but I'm sure that https://www.bestvpnrating.com/how-set-vpn will help you out with this. I think it's possible and as I read through here I can tell that it's really not difficult to set up. Good luck and write back when you have results.

[TheMongoose]

Rather than arguing about which VPN provider and their custom software is "best" (which will be different for different use cases anyway!), my question is:

How do I get Little Snitch to recognise when I've used the native Apple VPN in MacOS?

It somehow shows up in the "Automatically activate this profile bit", but I can't add it manually and it doesn't actually change profile when I connect or disconnect from it.

Thanks.

[JammieR]

Looks like all the hot vpn users are here, marketing their products. Well using with vpn service is the thread. I am using the best US VPN available in the market in term of price and features.
Totally agreeing with the above post that there is a hell lot of difference between paid and free vpn service.
In paid you are getting full encryption and security, where as in free you are getting a black listed IP address.
I use a paid vpn service for streaming and torrent. I Prefer using a popcorn time vpn for accessing illegal video content.

[clayvligon]

I am an advocate of using VPN for any purpose for your system but highly against of using free VPN as they do not provide the same security protocols as the paid ones do. I too use VPN for popcorn time for watching movies and shows and it has never let me down. If you are a noob or do not have an expertise in the domain of security then I would definitely recommend this blog 5 best VPN of 2017. I hope it helps everyone out there.

[markhascole]

Your article is outdated, expressvpn failed to connect on netflix, netflix banned all vpn.. Read this updated expressvpn review

Thanks for sharing up to date review.

[LLCoolJ94]

Wouldn't this be most easily accomplished at the network level rather than the application level? I managed to accomplish the same task at the network level in under 5 minutes.